1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved recycle bin on drive C: is corrupted

Discussion in 'Malware and Virus Removal Archive' started by 810311, 2011/01/20.

Page 1 of 3
  1. 2011/01/20
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    [Resolved] recycle bin on drive C: is corrupted

    Hello good people,

    I have been trying to resolve the issuer with the recycle bin for a while now.

    goddez1 from Windows XP forum suggested that I contact this forum as the problem may still relate to a virus etc.

    Please, see links below related to this issue:

    http://www.windowsbbs.com/windows-xp/97311-recycle-bin-drive-c-corrupted.html#post549329

    http://www.computerhope.com/forum/in...topic=114750.0

    http://www.computerhope.com/forum/index.php/topic,114150.msg767309.html#msg767309

    Thanks a lot
     
    810311,
    #1
  2. 2011/01/20
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     
    Admin.,
    #2


  3. to hide this advert.

  4. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    Hi there,

    Please, see logs below:


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5569

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/22/2011 1:05:29 AM
    mbam-log-2011-01-22 (01-05-29).txt

    Scan type: Quick scan
    Objects scanned: 150481
    Time elapsed: 4 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
    810311,
    #3
  5. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-22 22:16:49
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721010G9SA00 rev.MCZOC10H
    Running: 9zit5uo5.exe; Driver: C:\DOCUME~1\SERGEI~1\LOCALS~1\Temp\pftoapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB6D4680A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB6D45D8A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB6D46470]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB6D4707E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB6D45C66]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB6D4913C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB6D494C2]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB6D45652]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB6D469F6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB6D46BF6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB6D45458]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB6D477BC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB6D47A12]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB6D48B4C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB6D46052]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB6D4664C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB6D4706E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB6D45086]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB6D462F6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB6D4528A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB6D47C20]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB6D48074]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB6D47E32]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB6D475D4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB6D485E4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB6D48898]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB6D46E46]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB6D48E44]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB6D4734C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB6D45FBC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB6D461E2]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB6D45A68]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB6D45856]
     
    810311,
    #4
  6. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB933A360, 0x212B5D, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003BCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003ACD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003BCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003BCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003BCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003BCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003BC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003BCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003BCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003BC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003BCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003BCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003BCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003BC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003BA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003ACE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 003BCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003BCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003BCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003BCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003BCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003BCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003B8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003BCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003BCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 003BCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 003BCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 003BCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 003BCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 003BCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 003BCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 003BCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 003BCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 003BCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 003BCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 003BCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 003BCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003BCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 003BCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 003BD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [5D, 88, CC, CC] {POP EBP; MOV AH, CL; INT 3 }
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003B62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 003BD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003B6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 003BDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 003BDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003BE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 003BC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 003BC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 003BCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 003BC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 003BC980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 003BC960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 003BE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[128] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 003BE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #5
  7. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 006DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 006DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 006DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 006DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 006DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 006DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 006DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 006DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 006DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 006DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 006DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 006DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 006DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 006DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 006DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 006DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 006DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 006DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 006DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 006DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 006DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 006DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 006DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 006DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 006DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 006DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 006DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 006DC920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 006DC940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 006DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [8F, 88, CC, CC]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 006D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 006DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 006D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 006DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 006DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 006DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 006DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 006DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 006DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 006DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 006DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[216] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 006DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0065CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0064CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0065CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0065CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0065CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0065CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0065C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0065CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0065CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0065C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0065CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0065CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0065CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0065C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0064CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0065CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0065CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0065CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0065CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0065CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00657790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00658320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0065CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0065CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0065CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0065CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0065CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0065CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0065CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0065CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0065CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0065CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0065CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0065CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0065CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0065CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0065CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0065CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0065CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0065CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0065CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0065CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0065D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [87, 88, CC, CC]
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 006562C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0065D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00656BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0065DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0065DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0065E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0065C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0065C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0065CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0065C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #6
  8. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 3 Bytes JMP 0091CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtAllocateVirtualMemory + 4 7C90CF72 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0090CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 0091CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 0091CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtCreateProcessEx 7C90D15E 3 Bytes JMP 0091CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtCreateProcessEx + 4 7C90D162 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes JMP 0091CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtDeleteFile + 4 7C90D242 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtFreeVirtualMemory 7C90D38E 3 Bytes JMP 0091C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtFreeVirtualMemory + 4 7C90D392 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes JMP 0091CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtLoadDriver + 4 7C90D472 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes JMP 0091CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtOpenFile + 4 7C90D5A2 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtSetInformationProcess 7C90DC9E 3 Bytes JMP 0091CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtSetInformationProcess + 4 7C90DCA2 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtUnloadDriver 7C90DEBE 3 Bytes JMP 0091CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtUnloadDriver + 4 7C90DEC2 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes JMP 0091CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!RtlAllocateHeap 7C9100C4 3 Bytes JMP 0091C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!RtlAllocateHeap + 4 7C9100C8 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes JMP 0091A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!LdrLoadDll + 4 7C9163C7 1 Byte [84]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0090CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0091CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0091CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0091CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0091CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0091CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0091CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00917790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00918320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0091CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0091CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0091CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0091CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0091CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0091CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0091CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0091CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0091CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0091CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0091CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0091CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0091CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0091CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0091CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0091CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0091CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0091CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0091CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0091CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0091D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [B3, 88, CC, CC] {MOV BL, 0x88; INT 3 ; INT 3 }
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 009162C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0091D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00916BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0091DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0091DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0091E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0091C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0091C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0091CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\WLTRYSVC.EXE[320] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0091C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00ABCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00AACD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00ABCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00ABCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00ABCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00ABCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 00A26DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00ABC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00ABCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00A272BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00ABCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00ABC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00A25BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00ABCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00ABCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 00A2737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00A2724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00ABCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00ABC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00ABA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AACE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 00ABCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00A25AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ABCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ABCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00ABCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ABCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ABCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AB7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AB8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00A26C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 00A2595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ABCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ABCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 00A261DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00ABCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00A265B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 00A26AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00ABCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00A2633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 00A26261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00A262BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ABCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00A266AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 00A26A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00A259B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00A264E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 00A26EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 00A26F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00ABCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00A27202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00ABCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00ABCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00ABCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00ABCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 00A25BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 00A2718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 00A26BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00ABCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 00A2644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 00A269D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00ABCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00ABCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00A27001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00ABCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 00A26D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00ABCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00ABCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 00A25E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 00A26E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 00A25F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 00A25A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 00A27108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00ABCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00ABCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ABCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00ABCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 00A27236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 00ABC980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 00ABC960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 00ABD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [CD, 88, CC, CC] {INT 0x88; INT 3 ; INT 3 }
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00AB62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 00ABD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00AB6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 00ABDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 00ABDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00ABE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 00A271E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00ABE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00ABE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00ABC920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 00ABC940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 00ABC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 00ABC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 00ABCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\bcmwltry.exe[332] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 00ABC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #7
  9. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0085CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0084CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0085CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0085CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0085CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0085CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0085C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0085CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0085CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0085C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0085CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0085CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0085CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0085C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0085A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0084CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0085CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0085CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0085CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0085CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0085CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0085CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00857790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00858320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0085CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0085CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0085CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0085CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0085CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0085CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0085CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0085CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0085CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0085CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0085CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0085CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0085CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0085CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0085CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0085CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0085CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0085CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0085CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0085CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0085D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [A7, 88, CC, CC] {CMPSD ; MOV AH, CL; INT 3 }
    .text C:\WINDOWS\system32\spoolsv.exe[376] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 008562C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0085D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00856BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0085DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0085DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0085E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\spoolsv.exe[376] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0085E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0085E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0085C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0085C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0085CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[376] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0085C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\SCardSvr.exe[436] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #8
  10. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0065CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0064CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0065CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0065CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0065CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0065CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0065C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0065CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0065CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0065C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0065CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0065CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0065CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0065C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0064CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0065CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0065CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0065CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0065CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0065CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00657790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00658320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0065CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0065CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0065CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0065CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0065CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0065CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0065CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0065CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0065CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0065CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0065CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0065CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0065CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0065CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0065CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0065CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0065CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0065CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0065CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0065CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0065D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [87, 88, CC, CC]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 006562C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0065D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00656BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0065DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0065DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0065E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0065C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0065C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0065CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0065C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0065E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[620] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0065E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0093CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0092CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0093CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0093CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0093CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0093CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0093C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0093CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0093CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0093C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0093CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0093CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0093C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0093A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0092CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0093CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0093CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0093CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0093CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0093CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0093CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00938320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0093CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0093CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0093CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0093CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0093CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0093CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0093CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0093CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0093CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0093CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0093CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0093CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0093CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0093CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0093CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0093CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0093D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [B5, 88, CC, CC] {MOV CH, 0x88; INT 3 ; INT 3 }
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 009362C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0093D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00936BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0093DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0093DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0093E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0093C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0093C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0093CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0093C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0093E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[688] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0093E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #9
  11. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003ACE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0039CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003ACDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003ACE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003ACE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003ACE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003AC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003ACDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003ACDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003AC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003ACD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003ACD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003ACE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003AC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003AA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0039CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 003ACD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003ACC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003ACA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003ACCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003ACCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003ACA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003ACD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003ACA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 003ACAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 003ACAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 003ACBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 003ACCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 003ACC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 003ACC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 003ACB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 003ACB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 003ACBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 003ACB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 003ACB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 003ACC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003ACA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 003ACD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 003AD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [5C, 88, CC, CC] {POP ESP; MOV AH, CL; INT 3 }
    .text C:\WINDOWS\system32\rundll32.exe[740] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003A62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 003AD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003A6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 003ADD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 003ADAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003AE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\rundll32.exe[740] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 003AC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 003AC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 003ACA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 003AC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 003AE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\rundll32.exe[740] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 003AE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00A2CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00A1CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A2CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A2CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00A2CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00A2CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 00376DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00A2C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00A2CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003772BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00A2CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00375BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00A2CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00A2CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 0037737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 0037724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A2CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00A2C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A2A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 00A2CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00375AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A2CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A2CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00A2CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A2CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A2CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A27790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A28320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00376C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 0037595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A2CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A2CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 003761DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00A2CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 003765B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 00376AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00A2CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 0037633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 00376261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 003762BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A2CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 003766AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 00376A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 003759B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 003764E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 00376EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 00376F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00A2CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00377202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A2CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 00A2CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00A2CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A2CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 00375BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 0037718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 00376BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A2CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 0037644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 003769D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00A2CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00A2CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00377001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00A2CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 00376D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A2CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00A2CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 00375E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 00376E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 00375F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 00375A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 00377108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00A2CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00A2CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A2CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00A2CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 00377236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 00A2D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [C4, 88, CC, CC]
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 00A2D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A26BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 00A2DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 00A2DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00A2E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 003771E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 00A2C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 00A2C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 00A2E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 00A2E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00A2C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 00A2C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 00A2C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 00A2C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 00A2CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Dell\QuickSet\Quickset.exe[804] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 00A2C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #10
  12. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003CCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003BCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003CCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003CCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003CCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003CCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003CC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003CCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003CCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003CC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003CCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003CCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003CC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003CA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003BCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 003CCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003CCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003CCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003CCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003CCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003CCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003C7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003C8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003CCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 003CCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 003CCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003CCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 003CCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 003CCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 003CCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 003CCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 003CCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 003CCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 003CCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 003CCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 003CCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 003CCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 003CCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 003CCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 003CCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003CCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 003CCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 003CD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [5E, 88, CC, CC] {POP ESI; MOV AH, CL; INT 3 }
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003C62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 003CD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003C6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 003CDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 003CDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003CE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 003CC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 003CC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 003CCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 003CC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 003CE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[836] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 003CE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0039CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0038CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0039CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0039CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0039CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0039CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0039C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0039CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0039CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0039C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0039CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0039CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0039CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0039C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0039A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0038CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0039CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0039CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0039CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0039CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0039CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0039CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00398320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0039CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0039CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0039CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0039CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0039CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0039CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0039CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0039CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0039CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0039CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0039CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0039CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0039CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0039CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0039CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0039CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0039D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [5B, 88, CC, CC] {POP EBX; MOV AH, CL; INT 3 }
    .text C:\WINDOWS\stsystra.exe[860] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003962C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0039D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00396BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0039DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0039DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0039E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\stsystra.exe[860] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0039C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0039C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0039CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0039C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0039E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\stsystra.exe[860] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0039E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #11
  13. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\winlogon.exe[972] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005FCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005ECD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005FCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005FCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005FCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005FCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005FC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005FCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005FCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005FC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005FCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005FCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005FCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005FC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005FA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005ECE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005FCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005FCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005FCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005FCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005FCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005FCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005F7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005F8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005FCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005FCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005FCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005FCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005FCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005FCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005FCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 005FCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005FCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005FCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005FCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005FCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005FCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005FCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005FCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005FCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005FCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005FCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005FCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005FCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 005FD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [81, 88, CC, CC]
    .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005F62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005FD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005F6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 005FDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 005FDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 005FE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\services.exe[1016] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 005FC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 005FC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 005FCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[1016] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 005FC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #12
  14. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 006CCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006BCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006CCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006CCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 006CCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 006CCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 006CC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 006CCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 006CCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006CC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 006CCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 006CCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 006CC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006CA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006BCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 006CCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006CCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006CCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 006CCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006CCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006CCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006C7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006C8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006CCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 006CCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 006CCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006CCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 006CCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 006CCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 006CCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 006CCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 006CCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 006CCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 006CCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 006CCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 006CCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 006CCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 006CCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 006CCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 006CCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006CCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 006CCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 006CD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [8E, 88, CC, CC]
    .text C:\WINDOWS\system32\savedump.exe[1032] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 006C62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 006CD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 3 Bytes JMP 006C6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ADVAPI32.dll!CreateProcessAsUserA + 4 77E10CEC 1 Byte [88]
    .text C:\WINDOWS\system32\savedump.exe[1032] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 006CDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 006CDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 006CE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\savedump.exe[1032] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 006CE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 006CE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 006CC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 006CC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 006CCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\savedump.exe[1032] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 006CC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 005DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 005DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [7F, 88, CC, CC] {JG 0xffffffffffffff8a; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\lsass.exe[1044] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 005DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 005DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 005DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\lsass.exe[1044] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 005DC920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 005DC940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 005DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 005DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 005DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 005DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 005DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[1044] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 005DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #13
  15. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 005DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 005DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [7F, 88, CC, CC] {JG 0xffffffffffffff8a; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 005DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 005DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 005DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1228] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 005DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 005DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 005DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 005DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 005DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1228] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 005DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 005DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 005DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [7F, 88, CC, CC] {JG 0xffffffffffffff8a; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 005DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 005DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 005DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1300] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 005DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 005DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 005DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 005DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 005DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1300] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 005DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #14
  16. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
    .text C:\Program Files\Apoint\Apoint.exe[1428] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 1002C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Apoint\Apoint.exe[1428] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 1002C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050AEF0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005227C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1444] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvaul
     
    810311,
    #15
  17. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 005DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 005DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [7F, 88, CC, CC] {JG 0xffffffffffffff8a; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 005DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 005DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 005DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1480] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 005DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 005DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 005DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 005DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 005DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1480] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 005DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 1002A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 1002CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10027790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10028320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 1002D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [24, 98, CC, CC] {AND AL, 0x98; INT 3 ; INT 3 }
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 100262C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 1002D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10026BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 1002DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 1002DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 1002E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 1002E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 1002C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 1002C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 1002CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 1002C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 1002C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe[1512] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 1002C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #16
  18. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 005DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 005DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [7F, 88, CC, CC] {JG 0xffffffffffffff8a; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 005DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 005DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 005DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1656] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 005DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 005DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 005DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 005DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 005DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1656] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 005DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #17
  19. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0088CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0087CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0088CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0088CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0088CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0088CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0088C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0088CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0088CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0088C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0088CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0088CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0088CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0088C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0088A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0087CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0088CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0088CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0088CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0088CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0088CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0088CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00887790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00888320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0088CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0088CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0088CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0088CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0088CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0088CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0088CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0088CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0088CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0088CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0088CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0088CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0088CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0088CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0088CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0088CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0088CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0088CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0088CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0088D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [AA, 88, CC, CC] {STOSB ; MOV AH, CL; INT 3 }
    .text C:\WINDOWS\Explorer.EXE[1704] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 008862C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0088D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00886BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0088DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0088DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0088E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\Explorer.EXE[1704] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0088E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0088E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 0088C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 0088C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0088C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0088C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0088CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1704] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0088C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 005DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 005DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [7F, 88, CC, CC] {JG 0xffffffffffffff8a; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 005DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 005DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 005DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1856] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 005DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 005DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 005DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 005DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 005DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1856] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 005DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #18
  20. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005FCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005ECD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005FCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005FCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005FCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005FCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005FC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005FCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005FCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005FC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005FCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005FCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005FCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005FC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005FA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005ECE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005FCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005FCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005FCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005FCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005FCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005FCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005F7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005F8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005FCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005FCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005FCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005FCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005FCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005FCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005FCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 005FCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005FCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005FCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005FCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005FCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005FCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005FCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005FCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005FCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005FCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005FCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005FCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005FCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[1904] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 005FD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [81, 88, CC, CC]
    .text C:\xampp\apache\bin\httpd.exe[1904] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005F62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005FD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005F6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 005FDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 005FDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 005FC920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 005FC940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 005FC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 005FC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 005FCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 005FC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 005FE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[1904] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005DCE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 005CCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 005DCDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 005DCE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 005DCE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 005DCE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 005DC490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 005DCDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 005DCDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 005DC440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 005DCD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 005DCD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 005DCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 005DC4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 005DA630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 005CCE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 005DCD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 005DCC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 005DCA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 005DCCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 005DCCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 005DCA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005D7790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 005D8320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 005DCD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 005DCA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 005DCAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 005DCAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 005DCC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 005DCB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 005DCBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 005DCCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 005DCBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 005DCC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 005DCC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 005DCB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 005DCAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 005DCB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 005DCBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 005DCB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 005DCB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 005DCC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 005DCA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 005DCD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 005DD830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [7F, 88, CC, CC] {JG 0xffffffffffffff8a; INT 3 ; INT 3 }
    .text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005D62C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 005DD590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 005D6BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 005DDD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 005DDAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 005DE3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\WINDOWS\system32\svchost.exe[1928] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 005DE840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 005DE600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 005DC9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 005DC9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 005DCA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1928] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 005DC9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #19
  21. 2011/01/22
    810311

    810311 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    68
    Likes Received:
    0
    text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0089CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0088CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0089CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0089CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0089CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0089CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 007D6DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0089C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0089CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 007D72BA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0089CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0089C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 007D5BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0089CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0089CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 007D737D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 007D724D C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0089CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0089C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0089A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0088CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0089CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 007D5AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0089CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0089CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0089CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0089CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0089CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00897790 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00898320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 007D6C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 007D595F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0089CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0089CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 007D61DA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0089CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 007D65B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 007D6AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0089CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 007D633F C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 007D6261 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 007D62BB C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0089CC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 007D66AD C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 007D6A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 007D59B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 007D64E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 007D6EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 007D6F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 0089CB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 007D7202 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0089CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0089CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 0089CBE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0089CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 007D5BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 007D718A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 007D6BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0089CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 007D644C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 007D69D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0089CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 0089CAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 007D7001 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0089CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 007D6D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0089CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0089CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 007D5E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 007D6E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 007D5F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 007D5A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 007D7108 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0089CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0089CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0089CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0089CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 007D7236 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0089D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [AB, 88, CC, CC] {STOSD ; MOV AH, CL; INT 3 }
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 008962C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0089D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00896BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0089DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0089DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0089E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 007D71E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 0089E840 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 0089E600 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0089C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0089C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0089CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0089C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 0089C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0089C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 0089C980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[2032] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 0089C960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0055CE00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0054CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0055CDC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0055CE80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 0055CE60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 0055CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 0055C490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 0055CDE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 0055CDA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0055C440 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 0055CD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 0055CD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0055CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 0055C4E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0055A630 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0054CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 0055CD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0055CC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0055CA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 0055CCC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0055CCE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0055CA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00558320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0055CD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0055CA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 0055CAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 0055CAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0055CBA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 0055CCA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0055CC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0055CC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 0055CB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 0055CB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0055CBC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 0055CB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 0055CB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 0055CC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 0055CA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 0055CD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] ADVAPI32.dll!OpenServiceW 77DE6FFD 2 Bytes JMP 0055D830 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ADVAPI32.dll!OpenServiceW + 3 77DE7000 4 Bytes [77, 88, CC, CC] {JA 0xffffffffffffff8a; INT 3 ; INT 3 }
    .text C:\xampp\apache\bin\httpd.exe[2116] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 005562C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 0055D590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00556BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 0055DD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 0055DAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0055E3C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
    .text C:\xampp\apache\bin\httpd.exe[2116] SHELL32.dll!ShellExecuteExW 7CA0991B 5 Bytes JMP 0055C9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] SHELL32.dll!ShellExecuteEx 7CA40E7D 5 Bytes JMP 0055C9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] SHELL32.dll!ShellExecuteA 7CA411A8 5 Bytes JMP 0055CA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] SHELL32.dll!ShellExecuteW 7CAB5E68 5 Bytes JMP 0055C9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 0055C920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\xampp\apache\bin\httpd.exe[2116] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 0055C940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
     
    810311,
    #20
Page 1 of 3

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...