
Topic: random freezes, strange autorun

  1. #1
    Beginner
    Registered since
    03.01.2009
    Posts
    26

    random freezes, strange autorun

    Hi Jintan, once again I need your help!

    I've noticed lately my computer randomly freezing up or becoming mostly non-responsive. I've tried scanning my machine with Malwarebytes' Anti-Malware and Comodo Security, and in both cases they have found something in the Registry whose Vendor is labeled as "Hijack.System.Hidden", which appears to have something to do with Explorer, though that is just my guess. I haven't been able to remove it using the tools...

    The other thing I've noticed is a RECYCLER and autorun.inf get created on any flash drives I connect to the computer, and every time Comodo detects it and helps me remove it.

    Here are the results of the HJT log.

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:47:26 PM, on 11/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TVersity\Media Server\MediaServer.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\sstray.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-21-1078081533-1303643608-839522115-1003\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Peter')
    O4 - HKUS\S-1-5-21-1078081533-1303643608-839522115-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Peter')
    O4 - HKUS\S-1-5-21-1078081533-1303643608-839522115-1003\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Peter')
    O4 - HKUS\S-1-5-21-1078081533-1303643608-839522115-1003\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Peter')
    O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231018707812
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231130260625
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {FD490921-0C40-4BC2-8E47-59C61C4BA0BE} (XTrapSCtl Class) - http://xtrap.wiselogic.co.kr/XTrapSecure.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3974BF2E-DE5B-4AE8-B99C-F1EAEB3879A4}: NameServer = 207.164.234.193 207.164.234.129
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    
    --
    End of file - 9010 bytes
    Finally, thank you for reading this post and thanks again for the help I received last time!! I am very grateful.

  2. #2
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.949

    Re: random freezes, strange autorun

    Hello again Peter2009,

    No infection showing in this view, but does sound like you have some type of autorun worm there. Let's check in more detail.


    The malware has included an autorun type component, so if any external drives have been used on this computer recently be sure to install them now, and leave them installed until ALL repairs on it are completed. If not, they will remain infected and can re-infect the computer (or others).


    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


    Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

    If necessary allow it to locate or download a copy of HijackThis as needed.

    Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

    RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

    You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

    --------------

    Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


    Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

    When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
    Live the day!

    Jintan - The brand where everything is right!

  3. #3
    Beginner
    Registered since
    03.01.2009
    Posts
    26

    Re: random freezes, strange autorun

    Jintan,

    I couldn't download the first link you gave me for RSIT. Is it correct or is something wrong with my computer? ><

    When I started GMER, it said it found a modification, which may be the cause of rootkit activity. Does this mean I'll have to reformat sooner or later?

    By opening scan, I guess you mean this before it asks the full scan?

    Code:
    GMER 1.0.15.15252 - http://www.gmer.net
    Rootkit quick scan 2009-11-28 23:32:42
    Windows 5.1.2600 Service Pack 3
    Running: 37ivy1cu.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\afnoipob.sys
    
    
    ---- Devices - GMER 1.0.15 ----
    
    Device                                                             Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device                                                             Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    
    AttachedDevice  \Driver\Tcpip \Device\Ip                           cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice  \Driver\Tcpip \Device\Tcp                          cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice  \Driver\Tcpip \Device\Udp                          cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice  \Driver\Tcpip \Device\RawIp                        cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    
    ---- Services - GMER 1.0.15 ----
    
    Service         C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] kkohnpj                                                    <-- ROOTKIT !!!
    Service         C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] odozeauk                                                   <-- ROOTKIT !!!
    
    ---- EOF - GMER 1.0.15 ----




    Full Scan.. kinda.

    It seems as though I can never copy down the most final output from GMER. At the end, although I've missed seeing it 3 times now, the computer seems to have restarted on its own and Windows produces an error once I load on a user's profile.... so if this is not accurate/sufficient enough, I'll try to find the time to monitor the whole scan again. Sorry.

    Code:
    GMER 1.0.15.15252 - http://www.gmer.net
    Rootkit scan 2009-11-28 23:41:19
    Windows 5.1.2600 Service Pack 3
    Running: 37ivy1cu.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\afnoipob.sys
    
    
    ---- System - GMER 1.0.15 ----
    
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwAdjustPrivilegesToken [0xF4F4A2A0]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwConnectPort [0xF4F497C2]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwCreateFile [0xF4F49E5C]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwCreateKey [0xF4F4AA6A]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwCreatePort [0xF4F4951C]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwCreateSection [0xF4F4B776]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwCreateSymbolicLinkObject [0xF4F4A486]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwCreateThread [0xF4F490EA]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwDeleteKey [0xF4F4A6D4]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwDeleteValueKey [0xF4F4A884]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwDuplicateObject [0xF4F48E4C]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwLoadDriver [0xF4F4B3F8]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwMakeTemporaryObject [0xF4F49A46]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwOpenFile [0xF4F4A094]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwOpenProcess [0xF4F48B7C]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwOpenSection [0xF4F49CD6]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwOpenThread [0xF4F48CF4]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwRenameKey [0xF4F4AE30]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwRequestWaitReplyPort [0xF4F4963A]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwSecureConnectPort [0xF4F4B194]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwSetSystemInformation [0xF4F4B5A6]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwSetValueKey [0xF4F4AC30]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwShutdownSystem [0xF4F499E0]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwSystemDebugControl [0xF4F49BCA]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwTerminateProcess [0xF4F493E6]
    SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)                                             ZwTerminateThread [0xF4F492B4]
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    init            C:\WINDOWS\system32\drivers\nvax.sys                                                                                                   entry point in "init" section [0xF7A8D392]
    .text           C:\WINDOWS\System32\DRIVERS\nv4_mini.sys                                                                                               section is writeable [0xF6434360, 0x37388D, 0xE8000020]
    
    ---- User code sections - GMER 1.0.15 ----
    
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtAllocateVirtualMemory                                                                 7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtClose                                                                                 7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtCreateFile                                                                            7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtCreateProcess                                                                         7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtCreateProcessEx                                                                       7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtDeleteFile                                                                            7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtFreeVirtualMemory                                                                     7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtLoadDriver                                                                            7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtOpenFile                                                                              7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtProtectVirtualMemory                                                                  7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtSetInformationProcess                                                                 7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtUnloadDriver                                                                          7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!NtWriteVirtualMemory                                                                    7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!KiUserExceptionDispatcher                                                               7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!RtlAllocateHeap                                                                         7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!LdrLoadDll                                                                              7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!LdrUnloadDll                                                                            7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ntdll.dll!LdrGetProcedureAddress                                                                  7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CreateFileA                                                                          7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!VirtualProtect                                                                       7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!LoadLibraryExW                                                                       7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!LoadLibraryExA                                                                       7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!LoadLibraryA                                                                         7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CreateProcessW                                                                       7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CreateProcessA                                                                       7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!GetProcAddress                                                                       7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!LoadLibraryW                                                                         7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!GetModuleHandleA                                                                     7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!GetModuleHandleW                                                                     7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CreateFileW                                                                          7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileWithProgressW                                                                7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileW                                                                            7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!OpenFile                                                                             7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!OpenFile + 3                                                                         7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CopyFileExW                                                                          7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CopyFileA                                                                            7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CopyFileW                                                                            7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!DeleteFileA                                                                          7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!DeleteFileW                                                                          7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileExW                                                                          7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileA                                                                            7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileWithProgressA                                                                7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!MoveFileExA                                                                          7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!CopyFileExA                                                                          7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!WinExec                                                                              7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] kernel32.dll!LoadModule                                                                           7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!OpenServiceW                                                                         77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!OpenServiceA                                                                         77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!CreateServiceA                                                                       77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ADVAPI32.dll!CreateServiceW                                                                       77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] USER32.dll!EndTask                                                                                7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] USER32.dll!mouse_event                                                                            7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] USER32.dll!keybd_event                                                                            7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] GDI32.dll!BitBlt                                                                                  77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] GDI32.dll!CreateDCA                                                                               77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] GDI32.dll!CreateDCW                                                                               77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ole32.dll!CoCreateInstanceEx                                                                      77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] ole32.dll!CoGetClassObject                                                                        775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] SHELL32.dll!ShellExecuteExW                                                                       7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] SHELL32.dll!ShellExecuteEx                                                                        7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] SHELL32.dll!ShellExecuteA                                                                         7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[200] SHELL32.dll!ShellExecuteW                                                                         7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtAllocateVirtualMemory                                    7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtClose                                                    7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtCreateFile                                               7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtCreateProcess                                            7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtCreateProcessEx                                          7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtDeleteFile                                               7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtFreeVirtualMemory                                        7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtLoadDriver                                               7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtOpenFile                                                 7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtProtectVirtualMemory                                     7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtSetInformationProcess                                    7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtUnloadDriver                                             7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!NtWriteVirtualMemory                                       7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!KiUserExceptionDispatcher                                  7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!RtlAllocateHeap                                            7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!LdrLoadDll                                                 7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!LdrUnloadDll                                               7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ntdll.dll!LdrGetProcedureAddress                                     7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!CreateFileA                                             7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!VirtualProtect                                          7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!LoadLibraryExW                                          7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!LoadLibraryExA                                          7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!LoadLibraryA                                            7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!CreateProcessW                                          7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!CreateProcessA                                          7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!GetProcAddress                                          7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!LoadLibraryW                                            7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!GetModuleHandleA                                        7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!GetModuleHandleW                                        7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!CreateFileW                                             7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!MoveFileWithProgressW                                   7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!MoveFileW                                               7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!OpenFile                                                7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!OpenFile + 3                                            7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!CopyFileExW                                             7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!CopyFileA                                               7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!CopyFileW                                               7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!DeleteFileA                                             7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!DeleteFileW                                             7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!MoveFileExW                                             7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!MoveFileA                                               7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!MoveFileWithProgressA                                   7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!MoveFileExA                                             7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!CopyFileExA                                             7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!WinExec                                                 7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] kernel32.dll!LoadModule                                              7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] USER32.dll!EndTask                                                   7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] USER32.dll!mouse_event                                               7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] USER32.dll!keybd_event                                               7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] GDI32.dll!BitBlt                                                     77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] GDI32.dll!CreateDCA                                                  77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] GDI32.dll!CreateDCW                                                  77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] SHELL32.dll!ShellExecuteExW                                          7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] SHELL32.dll!ShellExecuteEx                                           7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] SHELL32.dll!ShellExecuteA                                            7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] SHELL32.dll!ShellExecuteW                                            7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ADVAPI32.dll!OpenServiceW                                            77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ADVAPI32.dll!OpenServiceA                                            77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ADVAPI32.dll!CreateServiceA                                          77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ADVAPI32.dll!CreateServiceW                                          77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ole32.dll!CoCreateInstanceEx                                         77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] ole32.dll!CoGetClassObject                                           775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] WININET.dll!InternetConnectA                                         3D94DEAE 5 Bytes  JMP 10001E30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[252] WININET.dll!InternetConnectW                                         3D94F862 5 Bytes  JMP 10001E50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtAllocateVirtualMemory                                                          7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtClose                                                                          7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtCreateFile                                                                     7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtCreateProcess                                                                  7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtCreateProcessEx                                                                7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtDeleteFile                                                                     7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtFreeVirtualMemory                                                              7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtLoadDriver                                                                     7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtOpenFile                                                                       7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtProtectVirtualMemory                                                           7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtSetInformationProcess                                                          7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtUnloadDriver                                                                   7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!NtWriteVirtualMemory                                                             7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!KiUserExceptionDispatcher                                                        7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!RtlAllocateHeap                                                                  7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!LdrLoadDll                                                                       7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!LdrUnloadDll                                                                     7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ntdll.dll!LdrGetProcedureAddress                                                           7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!CreateFileA                                                                   7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!VirtualProtect                                                                7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!LoadLibraryExW                                                                7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!LoadLibraryExA                                                                7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!LoadLibraryA                                                                  7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!CreateProcessW                                                                7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!CreateProcessA                                                                7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!GetProcAddress                                                                7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!LoadLibraryW                                                                  7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!GetModuleHandleA                                                              7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!GetModuleHandleW                                                              7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!CreateFileW                                                                   7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!MoveFileWithProgressW                                                         7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!MoveFileW                                                                     7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!OpenFile                                                                      7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!OpenFile + 3                                                                  7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!CopyFileExW                                                                   7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!CopyFileA                                                                     7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!CopyFileW                                                                     7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!DeleteFileA                                                                   7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!DeleteFileW                                                                   7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!MoveFileExW                                                                   7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!MoveFileA                                                                     7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!MoveFileWithProgressA                                                         7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!MoveFileExA                                                                   7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!CopyFileExA                                                                   7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!WinExec                                                                       7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] kernel32.dll!LoadModule                                                                    7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] WS2_32.dll!WSASocketW                                                                      71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] WS2_32.dll!WSASocketA                                                                      71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!OpenServiceW                                                                  77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!OpenServiceA                                                                  77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!CreateServiceA                                                                77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ADVAPI32.dll!CreateServiceW                                                                77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ole32.dll!CoCreateInstanceEx                                                               77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] ole32.dll!CoGetClassObject                                                                 775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] GDI32.dll!BitBlt                                                                           77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] GDI32.dll!CreateDCA                                                                        77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] GDI32.dll!CreateDCW                                                                        77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] USER32.dll!EndTask                                                                         7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] USER32.dll!mouse_event                                                                     7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jqs.exe[276] USER32.dll!keybd_event                                                                     7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtAllocateVirtualMemory                                                                 7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtClose                                                                                 7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtCreateFile                                                                            7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtCreateProcess                                                                         7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtCreateProcessEx                                                                       7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtDeleteFile                                                                            7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtFreeVirtualMemory                                                                     7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtLoadDriver                                                                            7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtOpenFile                                                                              7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtProtectVirtualMemory                                                                  7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtSetInformationProcess                                                                 7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtUnloadDriver                                                                          7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!NtWriteVirtualMemory                                                                    7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!KiUserExceptionDispatcher                                                               7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!RtlAllocateHeap                                                                         7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!LdrLoadDll                                                                              7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!LdrUnloadDll                                                                            7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ntdll.dll!LdrGetProcedureAddress                                                                  7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!CreateFileA                                                                          7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!VirtualProtect                                                                       7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!LoadLibraryExW                                                                       7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!LoadLibraryExA                                                                       7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!LoadLibraryA                                                                         7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!CreateProcessW                                                                       7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!CreateProcessA                                                                       7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!GetProcAddress                                                                       7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!LoadLibraryW                                                                         7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!GetModuleHandleA                                                                     7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!GetModuleHandleW                                                                     7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!CreateFileW                                                                          7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!MoveFileWithProgressW                                                                7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!MoveFileW                                                                            7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!OpenFile                                                                             7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!OpenFile + 3                                                                         7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!CopyFileExW                                                                          7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!CopyFileA                                                                            7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!CopyFileW                                                                            7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!DeleteFileA                                                                          7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!DeleteFileW                                                                          7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!MoveFileExW                                                                          7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!MoveFileA                                                                            7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!MoveFileWithProgressA                                                                7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!MoveFileExA                                                                          7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!CopyFileExA                                                                          7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!WinExec                                                                              7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] kernel32.dll!LoadModule                                                                           7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] USER32.dll!EndTask                                                                                7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] USER32.dll!mouse_event                                                                            7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] USER32.dll!keybd_event                                                                            7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] GDI32.dll!BitBlt                                                                                  77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] GDI32.dll!CreateDCA                                                                               77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] GDI32.dll!CreateDCW                                                                               77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ADVAPI32.dll!OpenServiceW                                                                         77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ADVAPI32.dll!OpenServiceA                                                                         77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ADVAPI32.dll!CreateServiceA                                                                       77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ADVAPI32.dll!CreateServiceW                                                                       77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ole32.dll!CoCreateInstanceEx                                                                      77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\nvsvc32.exe[416] ole32.dll!CoGetClassObject                                                                        775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtAllocateVirtualMemory                  7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtClose                                  7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtCreateFile                             7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtCreateProcess                          7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtCreateProcessEx                        7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtDeleteFile                             7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtFreeVirtualMemory                      7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtLoadDriver                             7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtOpenFile                               7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtProtectVirtualMemory                   7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtSetInformationProcess                  7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtUnloadDriver                           7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!NtWriteVirtualMemory                     7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!KiUserExceptionDispatcher                7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!RtlAllocateHeap                          7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!LdrLoadDll                               7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!LdrUnloadDll                             7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ntdll.dll!LdrGetProcedureAddress                   7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!CreateFileA                           7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!VirtualProtect                        7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!LoadLibraryExW                        7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!LoadLibraryExA                        7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!LoadLibraryA                          7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!CreateProcessW                        7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!CreateProcessA                        7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!GetProcAddress                        7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!LoadLibraryW                          7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!GetModuleHandleA                      7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!GetModuleHandleW                      7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!CreateFileW                           7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!MoveFileWithProgressW                 7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!MoveFileW                             7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!OpenFile                              7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!OpenFile + 3                          7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!CopyFileExW                           7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!CopyFileA                             7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!CopyFileW                             7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!DeleteFileA                           7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!DeleteFileW                           7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!MoveFileExW                           7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!MoveFileA                             7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!MoveFileWithProgressA                 7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!MoveFileExA                           7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!CopyFileExA                           7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!WinExec                               7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] kernel32.dll!LoadModule                            7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ADVAPI32.dll!OpenServiceW                          77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ADVAPI32.dll!OpenServiceA                          77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ADVAPI32.dll!CreateServiceA                        77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ADVAPI32.dll!CreateServiceW                        77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] GDI32.dll!BitBlt                                   77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] GDI32.dll!CreateDCA                                77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] GDI32.dll!CreateDCW                                77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] USER32.dll!EndTask                                 7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] USER32.dll!mouse_event                             7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] USER32.dll!keybd_event                             7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] WS2_32.dll!WSASocketW                              71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] WS2_32.dll!WSASocketA                              71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] SHELL32.dll!ShellExecuteExW                        7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] SHELL32.dll!ShellExecuteEx                         7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] SHELL32.dll!ShellExecuteA                          7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] SHELL32.dll!ShellExecuteW                          7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ole32.dll!CoCreateInstanceEx                       77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[520] ole32.dll!CoGetClassObject                         775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtAllocateVirtualMemory                                             7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtClose                                                             7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtCreateFile                                                        7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtCreateProcess                                                     7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtCreateProcessEx                                                   7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtDeleteFile                                                        7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtFreeVirtualMemory                                                 7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtLoadDriver                                                        7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtOpenFile                                                          7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtProtectVirtualMemory                                              7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtSetInformationProcess                                             7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtUnloadDriver                                                      7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!NtWriteVirtualMemory                                                7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!KiUserExceptionDispatcher                                           7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!RtlAllocateHeap                                                     7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!LdrLoadDll                                                          7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!LdrUnloadDll                                                        7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ntdll.dll!LdrGetProcedureAddress                                              7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!CreateFileA                                                      7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!VirtualProtect                                                   7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!LoadLibraryExW                                                   7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!LoadLibraryExA                                                   7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!LoadLibraryA                                                     7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!CreateProcessW                                                   7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!CreateProcessA                                                   7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!LoadResource                                                     7C80A055 7 Bytes  JMP 28001E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!FindResourceExW                                                  7C80AD28 7 Bytes  JMP 28001C70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!GetProcAddress                                                   7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!LoadLibraryW                                                     7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!GetModuleHandleA                                                 7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!FindResourceW                                                    7C80BC6E 7 Bytes  JMP 28001BF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!SizeofResource                                                   7C80BD09 7 Bytes  JMP 28001EF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!FindResourceA                                                    7C80BF29 7 Bytes  JMP 28001D00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!LockResource                                                     7C80CD37 5 Bytes  JMP 28001F60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!GetModuleHandleW                                                 7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!CreateFileW                                                      7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!MoveFileWithProgressW                                            7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!MoveFileW                                                        7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!OpenFile                                                         7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!OpenFile + 3                                                     7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!CopyFileExW                                                      7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!CopyFileA                                                        7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!CopyFileW                                                        7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!CreateEventA                                                     7C8308B5 5 Bytes  JMP 28001850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!DeleteFileA                                                      7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!DeleteFileW                                                      7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!MoveFileExW                                                      7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!MoveFileA                                                        7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!MoveFileWithProgressA                                            7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!FindResourceExA                                                  7C835FA8 7 Bytes  JMP 28001D90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!MoveFileExA                                                      7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!CopyFileExA                                                      7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!WinExec                                                          7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] kernel32.dll!LoadModule                                                       7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ADVAPI32.dll!OpenServiceW                                                     77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ADVAPI32.dll!CryptDeriveKey                                                   77DE9FFD 7 Bytes  JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ADVAPI32.dll!CryptDecrypt                                                     77DEA129 7 Bytes  JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ADVAPI32.dll!OpenServiceA                                                     77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ADVAPI32.dll!CreateServiceA                                                   77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ADVAPI32.dll!CreateServiceW                                                   77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] GDI32.dll!BitBlt                                                              77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] GDI32.dll!CreateDCA                                                           77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] GDI32.dll!CreateDCW                                                           77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!GetWindowLongW                                                     7E4188A6 7 Bytes  JMP 28006AF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!PeekMessageW                                                       7E41929B 5 Bytes  JMP 280046B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!SetWindowPlacement                                                 7E41DE46 5 Bytes  JMP 28005E90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!CreateDialogParamW                                                 7E41EA3B 5 Bytes  JMP 28006110 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!LoadImageW                                                         7E427B97 5 Bytes  JMP 28006760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!CreateWindowExW                                                    7E42D0A3 5 Bytes  JMP 28003CE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!SetWindowRgn                                                       7E42E528 7 Bytes  JMP 28005FD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!LoadIconW                                                          7E42E8BC 5 Bytes  JMP 28006950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!EndTask                                                            7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!MessageBoxIndirectW                                                7E4664D5 5 Bytes  JMP 28006300 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!mouse_event                                                        7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!keybd_event                                                        7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] USER32.dll!TrackPopupMenuEx                                                   7E46CF62 5 Bytes  JMP 28004F90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] WS2_32.dll!WSASocketW                                                         71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] WS2_32.dll!WSASocketA                                                         71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] SHELL32.dll!ShellExecuteExW                                                   7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] SHELL32.dll!Shell_NotifyIconW                                                 7CA2A5BF 5 Bytes  JMP 28003430 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] SHELL32.dll!ShellExecuteEx                                                    7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] SHELL32.dll!ShellExecuteA                                                     7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] SHELL32.dll!ShellExecuteW                                                     7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ole32.dll!CoInitializeEx                                                      774FEF7B 5 Bytes  JMP 28002270 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ole32.dll!CoCreateInstanceEx                                                  77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ole32.dll!CoCreateInstance                                                    7750057E 5 Bytes  JMP 28002610 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ole32.dll!CoGetClassObject                                                    775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] ole32.dll!CoRegisterClassObject                                               77517E90 5 Bytes  JMP 28002370 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] WININET.dll!InternetReadFile                                                  3D94654B 5 Bytes  JMP 2800A0E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] WININET.dll!InternetCloseHandle                                               3D949088 5 Bytes  JMP 2800A290 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] WININET.dll!HttpOpenRequestA                                                  3D94D508 5 Bytes  JMP 28009F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] WININET.dll!InternetConnectA                                                  3D94DEAE 5 Bytes  JMP 10001E30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] WININET.dll!InternetConnectW                                                  3D94F862 5 Bytes  JMP 10001E50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[668] WININET.dll!HttpSendRequestA                                                  3D95EE89 5 Bytes  JMP 2800A1C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtAllocateVirtualMemory                                                                  7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtClose                                                                                  7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtCreateFile                                                                             7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtCreateProcess                                                                          7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtCreateProcessEx                                                                        7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtDeleteFile                                                                             7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtFreeVirtualMemory                                                                      7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtLoadDriver                                                                             7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtOpenFile                                                                               7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtProtectVirtualMemory                                                                   7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtSetInformationProcess                                                                  7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtUnloadDriver                                                                           7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!NtWriteVirtualMemory                                                                     7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!KiUserExceptionDispatcher                                                                7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!RtlAllocateHeap                                                                          7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!LdrLoadDll                                                                               7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!LdrUnloadDll                                                                             7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ntdll.dll!LdrGetProcedureAddress                                                                   7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!CreateFileA                                                                           7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!VirtualProtect                                                                        7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!LoadLibraryExW                                                                        7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!LoadLibraryExA                                                                        7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!LoadLibraryA                                                                          7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!CreateProcessW                                                                        7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!CreateProcessA                                                                        7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!GetProcAddress                                                                        7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!LoadLibraryW                                                                          7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!GetModuleHandleA                                                                      7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!GetModuleHandleW                                                                      7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!CreateFileW                                                                           7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!MoveFileWithProgressW                                                                 7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!MoveFileW                                                                             7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!OpenFile                                                                              7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!OpenFile + 3                                                                          7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!CopyFileExW                                                                           7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!CopyFileA                                                                             7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!CopyFileW                                                                             7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!DeleteFileA                                                                           7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!DeleteFileW                                                                           7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!MoveFileExW                                                                           7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!MoveFileA                                                                             7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!MoveFileWithProgressA                                                                 7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!MoveFileExA                                                                           7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!CopyFileExA                                                                           7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!WinExec                                                                               7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] kernel32.dll!LoadModule                                                                            7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ADVAPI32.dll!OpenServiceW                                                                          77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ADVAPI32.dll!OpenServiceA                                                                          77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ADVAPI32.dll!CreateServiceA                                                                        77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ADVAPI32.dll!CreateServiceW                                                                        77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] USER32.dll!EndTask                                                                                 7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] USER32.dll!mouse_event                                                                             7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] USER32.dll!keybd_event                                                                             7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] GDI32.dll!BitBlt                                                                                   77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] GDI32.dll!CreateDCA                                                                                77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] GDI32.dll!CreateDCW                                                                                77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ole32.dll!CoCreateInstanceEx                                                                       77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] ole32.dll!CoGetClassObject                                                                         775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] SHELL32.dll!ShellExecuteExW                                                                        7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] SHELL32.dll!ShellExecuteEx                                                                         7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] SHELL32.dll!ShellExecuteA                                                                          7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\ctfmon.exe[688] SHELL32.dll!ShellExecuteW                                                                          7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtAllocateVirtualMemory                                              7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtClose                                                              7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtCreateFile                                                         7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtCreateProcess                                                      7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtCreateProcessEx                                                    7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtDeleteFile                                                         7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtFreeVirtualMemory                                                  7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtLoadDriver                                                         7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtOpenFile                                                           7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtProtectVirtualMemory                                               7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtSetInformationProcess                                              7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtUnloadDriver                                                       7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!NtWriteVirtualMemory                                                 7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!KiUserExceptionDispatcher                                            7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!RtlAllocateHeap                                                      7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!LdrLoadDll                                                           7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!LdrUnloadDll                                                         7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ntdll.dll!LdrGetProcedureAddress                                               7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!CreateFileA                                                       7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!VirtualProtect                                                    7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!LoadLibraryExW                                                    7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!LoadLibraryExA                                                    7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!LoadLibraryA                                                      7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!CreateProcessW                                                    7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!CreateProcessA                                                    7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!GetProcAddress                                                    7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!LoadLibraryW                                                      7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!GetModuleHandleA                                                  7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!GetModuleHandleW                                                  7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!CreateFileW                                                       7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!MoveFileWithProgressW                                             7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!MoveFileW                                                         7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!OpenFile                                                          7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!OpenFile + 3                                                      7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!CopyFileExW                                                       7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!CopyFileA                                                         7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!CopyFileW                                                         7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!DeleteFileA                                                       7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!DeleteFileW                                                       7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!MoveFileExW                                                       7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!MoveFileA                                                         7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!MoveFileWithProgressA                                             7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!MoveFileExA                                                       7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!CopyFileExA                                                       7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!WinExec                                                           7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] kernel32.dll!LoadModule                                                        7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ADVAPI32.dll!OpenServiceW                                                      77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ADVAPI32.dll!OpenServiceA                                                      77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ADVAPI32.dll!CreateServiceA                                                    77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ADVAPI32.dll!CreateServiceW                                                    77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] GDI32.dll!BitBlt                                                               77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] GDI32.dll!CreateDCA                                                            77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] GDI32.dll!CreateDCW                                                            77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] USER32.dll!EndTask                                                             7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] USER32.dll!mouse_event                                                         7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] USER32.dll!keybd_event                                                         7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ole32.dll!CoCreateInstanceEx                                                   77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNSCFG.exe[812] ole32.dll!CoGetClassObject                                                     775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtClose                                                                                7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtCreateFile                                                                           7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtCreateProcess                                                                        7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtCreateProcessEx                                                                      7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtDeleteFile                                                                           7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtFreeVirtualMemory                                                                    7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtLoadDriver                                                                           7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtOpenFile                                                                             7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtSetInformationProcess                                                                7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtUnloadDriver                                                                         7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!NtWriteVirtualMemory                                                                   7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!KiUserExceptionDispatcher                                                              7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!RtlAllocateHeap                                                                        7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!LdrLoadDll                                                                             7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!LdrUnloadDll                                                                           7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!LdrGetProcedureAddress                                                                 7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!CreateFileA                                                                         7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!VirtualProtect                                                                      7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!LoadLibraryExW                                                                      7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!LoadLibraryExA                                                                      7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!LoadLibraryA                                                                        7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!CreateProcessW                                                                      7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!CreateProcessA                                                                      7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!GetProcAddress                                                                      7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!LoadLibraryW                                                                        7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!GetModuleHandleA                                                                    7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!GetModuleHandleW                                                                    7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!CreateFileW                                                                         7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!MoveFileWithProgressW                                                               7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!MoveFileW                                                                           7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!OpenFile                                                                            7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!OpenFile + 3                                                                        7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!CopyFileExW                                                                         7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!CopyFileA                                                                           7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!CopyFileW                                                                           7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!DeleteFileA                                                                         7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!DeleteFileW                                                                         7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!MoveFileExW                                                                         7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!MoveFileA                                                                           7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!MoveFileWithProgressA                                                               7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!MoveFileExA                                                                         7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!CopyFileExA                                                                         7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!WinExec                                                                             7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!LoadModule                                                                          7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!OpenServiceW                                                                        77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!OpenServiceA                                                                        77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!CreateServiceA                                                                      77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ADVAPI32.dll!CreateServiceW                                                                      77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!EndTask                                                                               7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!mouse_event                                                                           7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] USER32.dll!keybd_event                                                                           7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] GDI32.dll!BitBlt                                                                                 77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] GDI32.dll!CreateDCA                                                                              77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] GDI32.dll!CreateDCW                                                                              77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] WS2_32.dll!WSASocketW                                                                            71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] WS2_32.dll!WSASocketA                                                                            71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ole32.dll!CoCreateInstanceEx                                                                     77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] ole32.dll!CoGetClassObject                                                                       775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] SHELL32.dll!ShellExecuteExW                                                                      7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] SHELL32.dll!ShellExecuteEx                                                                       7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] SHELL32.dll!ShellExecuteA                                                                        7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\winlogon.exe[860] SHELL32.dll!ShellExecuteW                                                                        7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtAllocateVirtualMemory                                                                  7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtClose                                                                                  7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtCreateFile                                                                             7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtCreateProcess                                                                          7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtCreateProcessEx                                                                        7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtDeleteFile                                                                             7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtFreeVirtualMemory                                                                      7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtLoadDriver                                                                             7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtOpenFile                                                                               7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtProtectVirtualMemory                                                                   7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtSetInformationProcess                                                                  7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtUnloadDriver                                                                           7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!NtWriteVirtualMemory                                                                     7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!KiUserExceptionDispatcher                                                                7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!RtlAllocateHeap                                                                          7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!LdrLoadDll                                                                               7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!LdrUnloadDll                                                                             7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ntdll.dll!LdrGetProcedureAddress                                                                   7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!CreateFileA                                                                           7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!VirtualProtect                                                                        7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!LoadLibraryExW                                                                        7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!LoadLibraryExA                                                                        7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!LoadLibraryA                                                                          7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!CreateProcessW                                                                        7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!CreateProcessA                                                                        7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!GetProcAddress                                                                        7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!LoadLibraryW                                                                          7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!GetModuleHandleA                                                                      7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!GetModuleHandleW                                                                      7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!CreateFileW                                                                           7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!MoveFileWithProgressW                                                                 7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!MoveFileW                                                                             7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!OpenFile                                                                              7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!OpenFile + 3                                                                          7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!CopyFileExW                                                                           7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!CopyFileA                                                                             7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!CopyFileW                                                                             7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!DeleteFileA                                                                           7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!DeleteFileW                                                                           7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!MoveFileExW                                                                           7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!MoveFileA                                                                             7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!MoveFileWithProgressA                                                                 7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!MoveFileExA                                                                           7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!CopyFileExA                                                                           7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!WinExec                                                                               7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] kernel32.dll!LoadModule                                                                            7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ADVAPI32.dll!OpenServiceW                                                                          77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ADVAPI32.dll!OpenServiceA                                                                          77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ADVAPI32.dll!CreateServiceA                                                                        77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ADVAPI32.dll!CreateServiceW                                                                        77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] GDI32.dll!BitBlt                                                                                   77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] GDI32.dll!CreateDCA                                                                                77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] GDI32.dll!CreateDCW                                                                                77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] USER32.dll!EndTask                                                                                 7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] USER32.dll!mouse_event                                                                             7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] USER32.dll!keybd_event                                                                             7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] SHELL32.dll!ShellExecuteExW                                                                        7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] SHELL32.dll!ShellExecuteEx                                                                         7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] SHELL32.dll!ShellExecuteA                                                                          7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] SHELL32.dll!ShellExecuteW                                                                          7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] WS2_32.dll!WSASocketW                                                                              71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] WS2_32.dll!WSASocketA                                                                              71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ole32.dll!CoCreateInstanceEx                                                                       77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\DNA\btdna.exe[888] ole32.dll!CoGetClassObject                                                                         775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtAllocateVirtualMemory                            7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtClose                                            7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtCreateFile                                       7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtCreateProcess                                    7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtCreateProcessEx                                  7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtDeleteFile                                       7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtFreeVirtualMemory                                7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtLoadDriver                                       7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtOpenFile                                         7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtProtectVirtualMemory                             7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtSetInformationProcess                            7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtUnloadDriver                                     7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!NtWriteVirtualMemory                               7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!KiUserExceptionDispatcher                          7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!RtlAllocateHeap                                    7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!LdrLoadDll                                         7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!LdrUnloadDll                                       7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ntdll.dll!LdrGetProcedureAddress                             7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!CreateFileA                                     7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!VirtualProtect                                  7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!LoadLibraryExW                                  7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!LoadLibraryExA                                  7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!LoadLibraryA                                    7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!CreateProcessW                                  7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!CreateProcessA                                  7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!GetProcAddress                                  7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!LoadLibraryW                                    7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!GetModuleHandleA                                7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!GetModuleHandleW                                7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!CreateFileW                                     7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!MoveFileWithProgressW                           7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!MoveFileW                                       7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!OpenFile                                        7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!OpenFile + 3                                    7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!CopyFileExW                                     7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!CopyFileA                                       7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!CopyFileW                                       7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!DeleteFileA                                     7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!DeleteFileW                                     7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!MoveFileExW                                     7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!MoveFileA                                       7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!MoveFileWithProgressA                           7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!MoveFileExA                                     7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!CopyFileExA                                     7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!WinExec                                         7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] kernel32.dll!LoadModule                                      7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] USER32.dll!EndTask                                           7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] USER32.dll!mouse_event                                       7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] USER32.dll!keybd_event                                       7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] GDI32.dll!BitBlt                                             77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] GDI32.dll!CreateDCA                                          77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] GDI32.dll!CreateDCW                                          77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ADVAPI32.dll!OpenServiceW                                    77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ADVAPI32.dll!OpenServiceA                                    77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ADVAPI32.dll!CreateServiceA                                  77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ADVAPI32.dll!CreateServiceW                                  77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] SHELL32.dll!ShellExecuteExW                                  7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] SHELL32.dll!ShellExecuteEx                                   7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] SHELL32.dll!ShellExecuteA                                    7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] SHELL32.dll!ShellExecuteW                                    7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ole32.dll!CoCreateInstanceEx                                 77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[996] ole32.dll!CoGetClassObject                                   775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtAllocateVirtualMemory                                                          7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtClose                                                                          7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtCreateFile                                                                     7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtCreateProcess                                                                  7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtCreateProcessEx                                                                7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtDeleteFile                                                                     7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtFreeVirtualMemory                                                              7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtLoadDriver                                                                     7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtOpenFile                                                                       7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtProtectVirtualMemory                                                           7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtSetInformationProcess                                                          7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtUnloadDriver                                                                   7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!NtWriteVirtualMemory                                                             7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!KiUserExceptionDispatcher                                                        7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!RtlAllocateHeap                                                                  7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!LdrLoadDll                                                                       7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!LdrUnloadDll                                                                     7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ntdll.dll!LdrGetProcedureAddress                                                           7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!CreateFileA                                                                   7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!VirtualProtect                                                                7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!LoadLibraryExW                                                                7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!LoadLibraryExA                                                                7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!LoadLibraryA                                                                  7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!CreateProcessW                                                                7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!CreateProcessA                                                                7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!GetProcAddress                                                                7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!LoadLibraryW                                                                  7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!GetModuleHandleA                                                              7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!GetModuleHandleW                                                              7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!CreateFileW                                                                   7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!MoveFileWithProgressW                                                         7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!MoveFileW                                                                     7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!OpenFile                                                                      7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!OpenFile + 3                                                                  7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!CopyFileExW                                                                   7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!CopyFileA                                                                     7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!CopyFileW                                                                     7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!DeleteFileA                                                                   7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!DeleteFileW                                                                   7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!MoveFileExW                                                                   7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!MoveFileA                                                                     7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!MoveFileWithProgressA                                                         7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!MoveFileExA                                                                   7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!CopyFileExA                                                                   7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!WinExec                                                                       7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] kernel32.dll!LoadModule                                                                    7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ADVAPI32.dll!OpenServiceW                                                                  77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ADVAPI32.dll!OpenServiceA                                                                  77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ADVAPI32.dll!CreateServiceA                                                                77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ADVAPI32.dll!CreateServiceW                                                                77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] GDI32.dll!BitBlt                                                                           77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] GDI32.dll!CreateDCA                                                                        77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] GDI32.dll!CreateDCW                                                                        77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] USER32.dll!EndTask                                                                         7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] USER32.dll!mouse_event                                                                     7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] USER32.dll!keybd_event                                                                     7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] WS2_32.dll!WSASocketW                                                                      71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] WS2_32.dll!WSASocketA                                                                      71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ole32.dll!CoCreateInstanceEx                                                               77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] ole32.dll!CoGetClassObject                                                                 775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] SHELL32.dll!ShellExecuteExW                                                                7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] SHELL32.dll!ShellExecuteEx                                                                 7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] SHELL32.dll!ShellExecuteA                                                                  7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] SHELL32.dll!ShellExecuteW                                                                  7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] WININET.dll!InternetConnectA                                                               3D94DEAE 5 Bytes  JMP 10001E30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Messenger\msmsgs.exe[1008] WININET.dll!InternetConnectW                                                               3D94F862 5 Bytes  JMP 10001E50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtAllocateVirtualMemory                                                               7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtClose                                                                               7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtCreateFile                                                                          7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtCreateProcess                                                                       7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtCreateProcessEx                                                                     7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtDeleteFile                                                                          7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtFreeVirtualMemory                                                                   7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtLoadDriver                                                                          7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtOpenFile                                                                            7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtProtectVirtualMemory                                                                7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtSetInformationProcess                                                               7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtUnloadDriver                                                                        7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtWriteVirtualMemory                                                                  7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!KiUserExceptionDispatcher                                                             7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!RtlAllocateHeap                                                                       7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!LdrLoadDll                                                                            7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!LdrUnloadDll                                                                          7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ntdll.dll!LdrGetProcedureAddress                                                                7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateFileA                                                                        7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!VirtualProtect                                                                     7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!LoadLibraryExW                                                                     7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!LoadLibraryExA                                                                     7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!LoadLibraryA                                                                       7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateProcessW                                                                     7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateProcessA                                                                     7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!GetProcAddress                                                                     7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!LoadLibraryW                                                                       7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!GetModuleHandleA                                                                   7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!GetModuleHandleW                                                                   7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CreateFileW                                                                        7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!MoveFileWithProgressW                                                              7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!MoveFileW                                                                          7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!OpenFile                                                                           7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!OpenFile + 3                                                                       7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CopyFileExW                                                                        7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CopyFileA                                                                          7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CopyFileW                                                                          7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!DeleteFileA                                                                        7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!DeleteFileW                                                                        7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!MoveFileExW                                                                        7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!MoveFileA                                                                          7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!MoveFileWithProgressA                                                              7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!MoveFileExA                                                                        7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!CopyFileExA                                                                        7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!WinExec                                                                            7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] kernel32.dll!LoadModule                                                                         7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!OpenServiceW                                                                       77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!OpenServiceA                                                                       77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!CreateServiceA                                                                     77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ADVAPI32.dll!CreateServiceW                                                                     77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] USER32.dll!EndTask                                                                              7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] USER32.dll!mouse_event                                                                          7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] USER32.dll!keybd_event                                                                          7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] GDI32.dll!BitBlt                                                                                77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] GDI32.dll!CreateDCA                                                                             77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] GDI32.dll!CreateDCW                                                                             77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ole32.dll!CoCreateInstanceEx                                                                    77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\services.exe[1068] ole32.dll!CoGetClassObject                                                                      775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtAllocateVirtualMemory                                                                  7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtClose                                                                                  7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtCreateFile                                                                             7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtCreateProcess                                                                          7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtCreateProcessEx                                                                        7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtDeleteFile                                                                             7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtFreeVirtualMemory                                                                      7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtLoadDriver                                                                             7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtOpenFile                                                                               7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtProtectVirtualMemory                                                                   7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtSetInformationProcess                                                                  7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtUnloadDriver                                                                           7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!NtWriteVirtualMemory                                                                     7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!KiUserExceptionDispatcher                                                                7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!RtlAllocateHeap                                                                          7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!LdrLoadDll                                                                               7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!LdrUnloadDll                                                                             7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ntdll.dll!LdrGetProcedureAddress                                                                   7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateFileA                                                                           7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!VirtualProtect                                                                        7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!LoadLibraryExW                                                                        7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!LoadLibraryExA                                                                        7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!LoadLibraryA                                                                          7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateProcessW                                                                        7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateProcessA                                                                        7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!GetProcAddress                                                                        7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!LoadLibraryW                                                                          7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!GetModuleHandleA                                                                      7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!GetModuleHandleW                                                                      7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CreateFileW                                                                           7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!MoveFileWithProgressW                                                                 7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!MoveFileW                                                                             7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!OpenFile                                                                              7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!OpenFile + 3                                                                          7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CopyFileExW                                                                           7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CopyFileA                                                                             7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CopyFileW                                                                             7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!DeleteFileA                                                                           7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!DeleteFileW                                                                           7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!MoveFileExW                                                                           7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!MoveFileA                                                                             7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!MoveFileWithProgressA                                                                 7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!MoveFileExA                                                                           7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!CopyFileExA                                                                           7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!WinExec                                                                               7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] kernel32.dll!LoadModule                                                                            7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!OpenServiceW                                                                          77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!OpenServiceA                                                                          77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!CreateServiceA                                                                        77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ADVAPI32.dll!CreateServiceW                                                                        77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] USER32.dll!EndTask                                                                                 7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] USER32.dll!mouse_event                                                                             7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] USER32.dll!keybd_event                                                                             7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] GDI32.dll!BitBlt                                                                                   77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] GDI32.dll!CreateDCA                                                                                77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] GDI32.dll!CreateDCW                                                                                77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] WS2_32.dll!WSASocketW                                                                              71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] WS2_32.dll!WSASocketA                                                                              71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ole32.dll!CoCreateInstanceEx                                                                       77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] ole32.dll!CoGetClassObject                                                                         775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] SHELL32.dll!ShellExecuteExW                                                                        7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] SHELL32.dll!ShellExecuteEx                                                                         7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] SHELL32.dll!ShellExecuteA                                                                          7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\lsass.exe[1088] SHELL32.dll!ShellExecuteW                                                                          7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtClose                                                                                7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtCreateFile                                                                           7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtCreateProcess                                                                        7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtCreateProcessEx                                                                      7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtDeleteFile                                                                           7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtFreeVirtualMemory                                                                    7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtLoadDriver                                                                           7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtOpenFile                                                                             7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtSetInformationProcess                                                                7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtUnloadDriver                                                                         7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtWriteVirtualMemory                                                                   7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!KiUserExceptionDispatcher                                                              7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlAllocateHeap                                                                        7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll                                                                             7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll                                                                           7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrGetProcedureAddress                                                                 7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileA                                                                         7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtect                                                                      7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW                                                                      7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA                                                                      7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA                                                                        7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW                                                                      7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA                                                                      7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetProcAddress                                                                      7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW                                                                        7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetModuleHandleA                                                                    7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetModuleHandleW                                                                    7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileW                                                                         7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileWithProgressW                                                               7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileW                                                                           7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!OpenFile                                                                            7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!OpenFile + 3                                                                        7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CopyFileExW                                                                         7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CopyFileA                                                                           7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CopyFileW                                                                           7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!DeleteFileA                                                                         7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!DeleteFileW                                                                         7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileExW                                                                         7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileA                                                                           7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileWithProgressA                                                               7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileExA                                                                         7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CopyFileExA                                                                         7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WinExec                                                                             7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadModule                                                                          7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!OpenServiceW                                                                        77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!OpenServiceA                                                                        77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceA                                                                      77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceW                                                                      77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!EndTask                                                                               7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!mouse_event                                                                           7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!keybd_event                                                                           7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!BitBlt                                                                                 77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!CreateDCA                                                                              77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!CreateDCW                                                                              77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ole32.dll!CoCreateInstanceEx                                                                     77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] ole32.dll!CoGetClassObject                                                                       775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteExW                                                                      7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteEx                                                                       7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteA                                                                        7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteW                                                                        7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtClose                                                                                7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtCreateFile                                                                           7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtCreateProcess                                                                        7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtCreateProcessEx                                                                      7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtDeleteFile                                                                           7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtFreeVirtualMemory                                                                    7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtLoadDriver                                                                           7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtOpenFile                                                                             7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtSetInformationProcess                                                                7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtUnloadDriver                                                                         7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtWriteVirtualMemory                                                                   7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!KiUserExceptionDispatcher                                                              7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!RtlAllocateHeap                                                                        7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!LdrLoadDll                                                                             7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!LdrUnloadDll                                                                           7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!LdrGetProcedureAddress                                                                 7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateFileA                                                                         7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!VirtualProtect                                                                      7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExW                                                                      7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExA                                                                      7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryA                                                                        7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateProcessW                                                                      7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateProcessA                                                                      7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetProcAddress                                                                      7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadLibraryW                                                                        7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetModuleHandleA                                                                    7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!GetModuleHandleW                                                                    7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CreateFileW                                                                         7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!MoveFileWithProgressW                                                               7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!MoveFileW                                                                           7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!OpenFile                                                                            7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!OpenFile + 3                                                                        7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CopyFileExW                                                                         7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CopyFileA                                                                           7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CopyFileW                                                                           7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!DeleteFileA                                                                         7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!DeleteFileW                                                                         7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!MoveFileExW                                                                         7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!MoveFileA                                                                           7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!MoveFileWithProgressA                                                               7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!MoveFileExA                                                                         7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!CopyFileExA                                                                         7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!WinExec                                                                             7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] kernel32.dll!LoadModule                                                                          7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!OpenServiceW                                                                        77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!OpenServiceA                                                                        77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!CreateServiceA                                                                      77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ADVAPI32.dll!CreateServiceW                                                                      77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!EndTask                                                                               7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!mouse_event                                                                           7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!keybd_event                                                                           7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] GDI32.dll!BitBlt                                                                                 77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] GDI32.dll!CreateDCA                                                                              77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] GDI32.dll!CreateDCW                                                                              77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ole32.dll!CoCreateInstanceEx                                                                     77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] ole32.dll!CoGetClassObject                                                                       775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] SHELL32.dll!ShellExecuteExW                                                                      7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] SHELL32.dll!ShellExecuteEx                                                                       7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] SHELL32.dll!ShellExecuteA                                                                        7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] SHELL32.dll!ShellExecuteW                                                                        7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!WSASocketW                                                                            71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1328] WS2_32.dll!WSASocketA                                                                            71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtAllocateVirtualMemory                                                                        7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtClose                                                                                        7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtCreateFile                                                                                   7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtCreateProcess                                                                                7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtCreateProcessEx                                                                              7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtDeleteFile                                                                                   7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtFreeVirtualMemory                                                                            7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtLoadDriver                                                                                   7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtOpenFile                                                                                     7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtProtectVirtualMemory                                                                         7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtSetInformationProcess                                                                        7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtUnloadDriver                                                                                 7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtWriteVirtualMemory                                                                           7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!KiUserExceptionDispatcher                                                                      7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!RtlAllocateHeap                                                                                7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrLoadDll                                                                                     7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrUnloadDll                                                                                   7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrGetProcedureAddress                                                                         7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateFileA                                                                                 7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!VirtualProtect                                                                              7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryExW                                                                              7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryExA                                                                              7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryA                                                                                7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateProcessW                                                                              7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateProcessA                                                                              7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryW                                                                                7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetModuleHandleA                                                                            7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetModuleHandleW                                                                            7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateFileW                                                                                 7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!MoveFileWithProgressW                                                                       7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!MoveFileW                                                                                   7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!OpenFile                                                                                    7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!OpenFile + 3                                                                                7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CopyFileExW                                                                                 7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CopyFileA                                                                                   7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CopyFileW                                                                                   7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!DeleteFileA                                                                                 7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!DeleteFileW                                                                                 7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!MoveFileExW                                                                                 7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!MoveFileA                                                                                   7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!MoveFileWithProgressA                                                                       7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!MoveFileExA                                                                                 7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CopyFileExA                                                                                 7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!WinExec                                                                                     7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadModule                                                                                  7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!OpenServiceW                                                                                77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!OpenServiceA                                                                                77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceA                                                                              77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceW                                                                              77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] GDI32.dll!BitBlt                                                                                         77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] GDI32.dll!CreateDCA                                                                                      77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] GDI32.dll!CreateDCW                                                                                      77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!EndTask                                                                                       7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!mouse_event                                                                                   7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] USER32.dll!keybd_event                                                                                   7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ole32.dll!CoCreateInstanceEx                                                                             77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] ole32.dll!CoGetClassObject                                                                               775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetConnectA                                                                             3D94DEAE 5 Bytes  JMP 10001E30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetConnectW                                                                             3D94F862 5 Bytes  JMP 10001E50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] SHELL32.dll!ShellExecuteExW                                                                              7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] SHELL32.dll!ShellExecuteEx                                                                               7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] SHELL32.dll!ShellExecuteA                                                                                7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\Explorer.EXE[1472] SHELL32.dll!ShellExecuteW                                                                                7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtClose                                                                                7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtCreateFile                                                                           7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtCreateProcess                                                                        7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtCreateProcessEx                                                                      7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtDeleteFile                                                                           7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtFreeVirtualMemory                                                                    7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtLoadDriver                                                                           7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtOpenFile                                                                             7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtQueryInformationProcess                                                              7C90D7FE 5 Bytes  JMP 01F6ADBD 
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtSetInformationProcess                                                                7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtUnloadDriver                                                                         7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!NtWriteVirtualMemory                                                                   7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!KiUserExceptionDispatcher                                                              7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!RtlAllocateHeap                                                                        7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!LdrLoadDll                                                                             7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!LdrUnloadDll                                                                           7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ntdll.dll!LdrGetProcedureAddress                                                                 7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateFileA                                                                         7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!VirtualProtect                                                                      7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryExW                                                                      7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryExA                                                                      7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryA                                                                        7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessW                                                                      7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateProcessA                                                                      7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetProcAddress                                                                      7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadLibraryW                                                                        7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetModuleHandleA                                                                    7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!GetModuleHandleW                                                                    7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CreateFileW                                                                         7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileWithProgressW                                                               7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileW                                                                           7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!OpenFile                                                                            7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!OpenFile + 3                                                                        7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CopyFileExW                                                                         7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CopyFileA                                                                           7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CopyFileW                                                                           7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!DeleteFileA                                                                         7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!DeleteFileW                                                                         7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileExW                                                                         7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileA                                                                           7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileWithProgressA                                                               7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!MoveFileExA                                                                         7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!CopyFileExA                                                                         7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!WinExec                                                                             7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] kernel32.dll!LoadModule                                                                          7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!OpenServiceW                                                                        77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!OpenServiceA                                                                        77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!CreateServiceA                                                                      77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ADVAPI32.dll!CreateServiceW                                                                      77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] USER32.dll!EndTask                                                                               7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] USER32.dll!mouse_event                                                                           7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] USER32.dll!keybd_event                                                                           7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] GDI32.dll!BitBlt                                                                                 77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] GDI32.dll!CreateDCA                                                                              77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] GDI32.dll!CreateDCW                                                                              77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ole32.dll!CoCreateInstanceEx                                                                     77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] ole32.dll!CoGetClassObject                                                                       775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] SHELL32.dll!ShellExecuteExW                                                                      7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] SHELL32.dll!ShellExecuteEx                                                                       7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] SHELL32.dll!ShellExecuteA                                                                        7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] SHELL32.dll!ShellExecuteW                                                                        7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] NETAPI32.dll!NetpwPathCanonicalize                                                               5B86A3A9 5 Bytes  JMP 01F6AD54 
    .text           C:\WINDOWS\system32\svchost.exe[1516] WININET.dll!InternetConnectA                                                                     3D94DEAE 5 Bytes  JMP 10001E30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] WININET.dll!InternetConnectW                                                                     3D94F862 5 Bytes  JMP 10001E50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!WSASocketW                                                                            71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\svchost.exe[1516] WS2_32.dll!WSASocketA                                                                            71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtAllocateVirtualMemory                                                     7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtClose                                                                     7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtCreateFile                                                                7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtCreateProcess                                                             7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtCreateProcessEx                                                           7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtDeleteFile                                                                7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtFreeVirtualMemory                                                         7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtLoadDriver                                                                7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtOpenFile                                                                  7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtProtectVirtualMemory                                                      7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtSetInformationProcess                                                     7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtUnloadDriver                                                              7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!NtWriteVirtualMemory                                                        7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!KiUserExceptionDispatcher                                                   7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!RtlAllocateHeap                                                             7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!LdrLoadDll                                                                  7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!LdrUnloadDll                                                                7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ntdll.dll!LdrGetProcedureAddress                                                      7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!CreateFileA                                                              7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!VirtualProtect                                                           7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!LoadLibraryExW                                                           7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!LoadLibraryExA                                                           7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!LoadLibraryA                                                             7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!CreateProcessW                                                           7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!CreateProcessA                                                           7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!GetProcAddress                                                           7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!LoadLibraryW                                                             7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!GetModuleHandleA                                                         7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!GetModuleHandleW                                                         7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!CreateFileW                                                              7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!MoveFileWithProgressW                                                    7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!MoveFileW                                                                7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!OpenFile                                                                 7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!OpenFile + 3                                                             7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!CopyFileExW                                                              7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!CopyFileA                                                                7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!CopyFileW                                                                7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!DeleteFileA                                                              7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!DeleteFileW                                                              7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!MoveFileExW                                                              7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!MoveFileA                                                                7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!MoveFileWithProgressA                                                    7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!MoveFileExA                                                              7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!CopyFileExA                                                              7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!WinExec                                                                  7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] kernel32.dll!LoadModule                                                               7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ADVAPI32.dll!OpenServiceW                                                             77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ADVAPI32.dll!OpenServiceA                                                             77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ADVAPI32.dll!CreateServiceA                                                           77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ADVAPI32.dll!CreateServiceW                                                           77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] GDI32.dll!BitBlt                                                                      77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] GDI32.dll!CreateDCA                                                                   77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] GDI32.dll!CreateDCW                                                                   77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] USER32.dll!EndTask                                                                    7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] USER32.dll!mouse_event                                                                7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] USER32.dll!keybd_event                                                                7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] WININET.dll!InternetConnectA                                                          3D94DEAE 5 Bytes  JMP 10001E30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] WININET.dll!InternetConnectW                                                          3D94F862 5 Bytes  JMP 10001E50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ole32.dll!CoCreateInstanceEx                                                          77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] ole32.dll!CoGetClassObject                                                            775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] SHELL32.dll!ShellExecuteExW                                                           7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] SHELL32.dll!ShellExecuteEx                                                            7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] SHELL32.dll!ShellExecuteA                                                             7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Java\jre6\bin\jusched.exe[1608] SHELL32.dll!ShellExecuteW                                                             7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtClose                                                                                7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtCreateFile                                                                           7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtCreateProcess                                                                        7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtCreateProcessEx                                                                      7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtDeleteFile                                                                           7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtFreeVirtualMemory                                                                    7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtLoadDriver                                                                           7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtOpenFile                                                                             7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtQueryInformationProcess                                                              7C90D7FE 5 Bytes  JMP 00C6ADBD 
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtSetInformationProcess                                                                7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtUnloadDriver                                                                         7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!NtWriteVirtualMemory                                                                   7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!KiUserExceptionDispatcher                                                              7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!RtlAllocateHeap                                                                        7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!LdrLoadDll                                                                             7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!LdrUnloadDll                                                                           7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ntdll.dll!LdrGetProcedureAddress                                                                 7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateFileA                                                                         7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!VirtualProtect                                                                      7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryExW                                                                      7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryExA                                                                      7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryA                                                                        7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateProcessW                                                                      7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateProcessA                                                                      7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetProcAddress                                                                      7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadLibraryW                                                                        7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetModuleHandleA                                                                    7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!GetModuleHandleW                                                                    7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CreateFileW                                                                         7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!MoveFileWithProgressW                                                               7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!MoveFileW                                                                           7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!OpenFile                                                                            7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!OpenFile + 3                                                                        7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CopyFileExW                                                                         7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CopyFileA                                                                           7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CopyFileW                                                                           7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!DeleteFileA                                                                         7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!DeleteFileW                                                                         7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!MoveFileExW                                                                         7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!MoveFileA                                                                           7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!MoveFileWithProgressA                                                               7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!MoveFileExA                                                                         7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!CopyFileExA                                                                         7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!WinExec                                                                             7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] kernel32.dll!LoadModule                                                                          7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!OpenServiceW                                                                        77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!OpenServiceA                                                                        77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!CreateServiceA                                                                      77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ADVAPI32.dll!CreateServiceW                                                                      77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!EndTask                                                                               7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!mouse_event                                                                           7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] USER32.dll!keybd_event                                                                           7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] GDI32.dll!BitBlt                                                                                 77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] GDI32.dll!CreateDCA                                                                              77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] GDI32.dll!CreateDCW                                                                              77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ole32.dll!CoCreateInstanceEx                                                                     77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] ole32.dll!CoGetClassObject                                                                       775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] SHELL32.dll!ShellExecuteExW                                                                      7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] SHELL32.dll!ShellExecuteEx                                                                       7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] SHELL32.dll!ShellExecuteA                                                                        7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] SHELL32.dll!ShellExecuteW                                                                        7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] WS2_32.dll!WSASocketW                                                                            71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] WS2_32.dll!WSASocketA                                                                            71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] WININET.dll!InternetConnectA                                                                     3D94DEAE 5 Bytes  JMP 10001E30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1644] WININET.dll!InternetConnectW                                                                     3D94F862 5 Bytes  JMP 10001E50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtAllocateVirtualMemory                                                               7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtClose                                                                               7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtCreateFile                                                                          7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtCreateProcess                                                                       7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtCreateProcessEx                                                                     7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtDeleteFile                                                                          7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtFreeVirtualMemory                                                                   7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtLoadDriver                                                                          7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtOpenFile                                                                            7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtProtectVirtualMemory                                                                7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtSetInformationProcess                                                               7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtUnloadDriver                                                                        7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!NtWriteVirtualMemory                                                                  7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!KiUserExceptionDispatcher                                                             7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!RtlAllocateHeap                                                                       7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!LdrLoadDll                                                                            7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!LdrUnloadDll                                                                          7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ntdll.dll!LdrGetProcedureAddress                                                                7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!CreateFileA                                                                        7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!VirtualProtect                                                                     7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!LoadLibraryExW                                                                     7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!LoadLibraryExA                                                                     7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!LoadLibraryA                                                                       7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!CreateProcessW                                                                     7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!CreateProcessA                                                                     7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!GetProcAddress                                                                     7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!LoadLibraryW                                                                       7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!GetModuleHandleA                                                                   7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!GetModuleHandleW                                                                   7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!CreateFileW                                                                        7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!MoveFileWithProgressW                                                              7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!MoveFileW                                                                          7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!OpenFile                                                                           7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!OpenFile + 3                                                                       7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!CopyFileExW                                                                        7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!CopyFileA                                                                          7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!CopyFileW                                                                          7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!DeleteFileA                                                                        7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!DeleteFileW                                                                        7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!MoveFileExW                                                                        7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!MoveFileA                                                                          7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!MoveFileWithProgressA                                                              7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!MoveFileExA                                                                        7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!CopyFileExA                                                                        7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!WinExec                                                                            7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] kernel32.dll!LoadModule                                                                         7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] GDI32.dll!BitBlt                                                                                77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] GDI32.dll!CreateDCA                                                                             77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] GDI32.dll!CreateDCW                                                                             77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] USER32.dll!EndTask                                                                              7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] USER32.dll!mouse_event                                                                          7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] USER32.dll!keybd_event                                                                          7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ADVAPI32.dll!OpenServiceW                                                                       77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ADVAPI32.dll!OpenServiceA                                                                       77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ADVAPI32.dll!CreateServiceA                                                                     77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ADVAPI32.dll!CreateServiceW                                                                     77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ole32.dll!CoCreateInstanceEx                                                                    77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] ole32.dll!CoGetClassObject                                                                      775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] SHELL32.dll!ShellExecuteExW                                                                     7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] SHELL32.dll!ShellExecuteEx                                                                      7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] SHELL32.dll!ShellExecuteA                                                                       7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\RUNDLL32.EXE[1720] SHELL32.dll!ShellExecuteW                                                                       7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtClose                                                                                7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtCreateFile                                                                           7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtCreateProcess                                                                        7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtCreateProcessEx                                                                      7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtDeleteFile                                                                           7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtFreeVirtualMemory                                                                    7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtLoadDriver                                                                           7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtOpenFile                                                                             7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtSetInformationProcess                                                                7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtUnloadDriver                                                                         7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtWriteVirtualMemory                                                                   7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!KiUserExceptionDispatcher                                                              7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!RtlAllocateHeap                                                                        7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!LdrLoadDll                                                                             7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!LdrUnloadDll                                                                           7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!LdrGetProcedureAddress                                                                 7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateFileA                                                                         7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!VirtualProtect                                                                      7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!LoadLibraryExW                                                                      7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!LoadLibraryExA                                                                      7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!LoadLibraryA                                                                        7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateProcessW                                                                      7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateProcessA                                                                      7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!GetProcAddress                                                                      7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!LoadLibraryW                                                                        7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!GetModuleHandleA                                                                    7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!GetModuleHandleW                                                                    7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateFileW                                                                         7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!MoveFileWithProgressW                                                               7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!MoveFileW                                                                           7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!OpenFile                                                                            7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!OpenFile + 3                                                                        7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CopyFileExW                                                                         7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CopyFileA                                                                           7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CopyFileW                                                                           7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!DeleteFileA                                                                         7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!DeleteFileW                                                                         7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!MoveFileExW                                                                         7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!MoveFileA                                                                           7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!MoveFileWithProgressA                                                               7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!MoveFileExA                                                                         7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CopyFileExA                                                                         7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!WinExec                                                                             7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!LoadModule                                                                          7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!OpenServiceW                                                                        77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!OpenServiceA                                                                        77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!CreateServiceA                                                                      77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ADVAPI32.dll!CreateServiceW                                                                      77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] USER32.dll!EndTask                                                                               7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] USER32.dll!mouse_event                                                                           7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] USER32.dll!keybd_event                                                                           7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] GDI32.dll!BitBlt                                                                                 77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] GDI32.dll!CreateDCA                                                                              77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] GDI32.dll!CreateDCW                                                                              77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ole32.dll!CoCreateInstanceEx                                                                     77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] ole32.dll!CoGetClassObject                                                                       775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] SHELL32.dll!ShellExecuteExW                                                                      7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] SHELL32.dll!ShellExecuteEx                                                                       7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] SHELL32.dll!ShellExecuteA                                                                        7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] SHELL32.dll!ShellExecuteW                                                                        7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] WS2_32.dll!WSASocketW                                                                            71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1784] WS2_32.dll!WSASocketA                                                                            71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtAllocateVirtualMemory                                                                 7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtClose                                                                                 7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtCreateFile                                                                            7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtCreateProcess                                                                         7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtCreateProcessEx                                                                       7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtDeleteFile                                                                            7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtFreeVirtualMemory                                                                     7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtLoadDriver                                                                            7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtOpenFile                                                                              7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtProtectVirtualMemory                                                                  7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtSetInformationProcess                                                                 7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtUnloadDriver                                                                          7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!NtWriteVirtualMemory                                                                    7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!KiUserExceptionDispatcher                                                               7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!RtlAllocateHeap                                                                         7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!LdrLoadDll                                                                              7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!LdrUnloadDll                                                                            7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ntdll.dll!LdrGetProcedureAddress                                                                  7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!CreateFileA                                                                          7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!VirtualProtect                                                                       7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!LoadLibraryExW                                                                       7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!LoadLibraryExA                                                                       7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!LoadLibraryA                                                                         7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!CreateProcessW                                                                       7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!CreateProcessA                                                                       7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!GetProcAddress                                                                       7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!LoadLibraryW                                                                         7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!GetModuleHandleA                                                                     7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!GetModuleHandleW                                                                     7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!CreateFileW                                                                          7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!MoveFileWithProgressW                                                                7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!MoveFileW                                                                            7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!OpenFile                                                                             7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!OpenFile + 3                                                                         7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!CopyFileExW                                                                          7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!CopyFileA                                                                            7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!CopyFileW                                                                            7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!DeleteFileA                                                                          7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!DeleteFileW                                                                          7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!MoveFileExW                                                                          7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!MoveFileA                                                                            7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!MoveFileWithProgressA                                                                7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!MoveFileExA                                                                          7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!CopyFileExA                                                                          7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!WinExec                                                                              7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] kernel32.dll!LoadModule                                                                           7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ADVAPI32.dll!OpenServiceW                                                                         77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ADVAPI32.dll!OpenServiceA                                                                         77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ADVAPI32.dll!CreateServiceA                                                                       77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ADVAPI32.dll!CreateServiceW                                                                       77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] GDI32.dll!BitBlt                                                                                  77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] GDI32.dll!CreateDCA                                                                               77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] GDI32.dll!CreateDCW                                                                               77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] USER32.dll!EndTask                                                                                7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] USER32.dll!mouse_event                                                                            7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] USER32.dll!keybd_event                                                                            7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] SHELL32.dll!ShellExecuteExW                                                                       7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] SHELL32.dll!ShellExecuteEx                                                                        7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] SHELL32.dll!ShellExecuteA                                                                         7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] SHELL32.dll!ShellExecuteW                                                                         7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ole32.dll!CoCreateInstanceEx                                                                      77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\sstray.exe[1808] ole32.dll!CoGetClassObject                                                                        775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtAllocateVirtualMemory                                           7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtClose                                                           7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtCreateFile                                                      7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtCreateProcess                                                   7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtCreateProcessEx                                                 7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtDeleteFile                                                      7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtFreeVirtualMemory                                               7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtLoadDriver                                                      7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtOpenFile                                                        7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtProtectVirtualMemory                                            7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtSetInformationProcess                                           7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtUnloadDriver                                                    7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!NtWriteVirtualMemory                                              7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!KiUserExceptionDispatcher                                         7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!RtlAllocateHeap                                                   7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!LdrLoadDll                                                        7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!LdrUnloadDll                                                      7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ntdll.dll!LdrGetProcedureAddress                                            7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!CreateFileA                                                    7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!VirtualProtect                                                 7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!LoadLibraryExW                                                 7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!LoadLibraryExA                                                 7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!LoadLibraryA                                                   7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!CreateProcessW                                                 7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!CreateProcessA                                                 7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!GetProcAddress                                                 7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!LoadLibraryW                                                   7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!GetModuleHandleA                                               7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!GetModuleHandleW                                               7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!CreateFileW                                                    7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!MoveFileWithProgressW                                          7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!MoveFileW                                                      7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!OpenFile                                                       7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!OpenFile + 3                                                   7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!CopyFileExW                                                    7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!CopyFileA                                                      7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!CopyFileW                                                      7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!DeleteFileA                                                    7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!DeleteFileW                                                    7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!MoveFileExW                                                    7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!MoveFileA                                                      7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!MoveFileWithProgressA                                          7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!MoveFileExA                                                    7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!CopyFileExA                                                    7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!WinExec                                                        7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] kernel32.dll!LoadModule                                                     7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] USER32.dll!EndTask                                                          7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] USER32.dll!mouse_event                                                      7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] USER32.dll!keybd_event                                                      7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] GDI32.dll!BitBlt                                                            77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] GDI32.dll!CreateDCA                                                         77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] GDI32.dll!CreateDCW                                                         77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ADVAPI32.dll!OpenServiceW                                                   77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ADVAPI32.dll!OpenServiceA                                                   77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ADVAPI32.dll!CreateServiceA                                                 77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ADVAPI32.dll!CreateServiceW                                                 77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] SHELL32.dll!ShellExecuteExW                                                 7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] SHELL32.dll!ShellExecuteEx                                                  7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] SHELL32.dll!ShellExecuteA                                                   7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] SHELL32.dll!ShellExecuteW                                                   7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ole32.dll!CoCreateInstanceEx                                                77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe[1856] ole32.dll!CoGetClassObject                                                  775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtClose                                                                                7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtCreateFile                                                                           7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtCreateProcess                                                                        7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtCreateProcessEx                                                                      7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtDeleteFile                                                                           7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtFreeVirtualMemory                                                                    7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtLoadDriver                                                                           7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtOpenFile                                                                             7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtSetInformationProcess                                                                7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtUnloadDriver                                                                         7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!NtWriteVirtualMemory                                                                   7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!KiUserExceptionDispatcher                                                              7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!RtlAllocateHeap                                                                        7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!LdrLoadDll                                                                             7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!LdrUnloadDll                                                                           7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ntdll.dll!LdrGetProcedureAddress                                                                 7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!CreateFileA                                                                         7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!VirtualProtect                                                                      7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!LoadLibraryExW                                                                      7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!LoadLibraryExA                                                                      7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!LoadLibraryA                                                                        7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!CreateProcessW                                                                      7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!CreateProcessA                                                                      7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!GetProcAddress                                                                      7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!LoadLibraryW                                                                        7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!GetModuleHandleA                                                                    7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!GetModuleHandleW                                                                    7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!CreateFileW                                                                         7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!MoveFileWithProgressW                                                               7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!MoveFileW                                                                           7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!OpenFile                                                                            7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!OpenFile + 3                                                                        7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!CopyFileExW                                                                         7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!CopyFileA                                                                           7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!CopyFileW                                                                           7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!DeleteFileA                                                                         7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!DeleteFileW                                                                         7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!MoveFileExW                                                                         7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!MoveFileA                                                                           7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!MoveFileWithProgressA                                                               7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!MoveFileExA                                                                         7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!CopyFileExA                                                                         7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!WinExec                                                                             7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] kernel32.dll!LoadModule                                                                          7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ADVAPI32.dll!OpenServiceW                                                                        77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ADVAPI32.dll!OpenServiceA                                                                        77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ADVAPI32.dll!CreateServiceA                                                                      77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ADVAPI32.dll!CreateServiceW                                                                      77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] GDI32.dll!BitBlt                                                                                 77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] GDI32.dll!CreateDCA                                                                              77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] GDI32.dll!CreateDCW                                                                              77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] USER32.dll!EndTask                                                                               7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] USER32.dll!mouse_event                                                                           7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] USER32.dll!keybd_event                                                                           7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ole32.dll!CoCreateInstanceEx                                                                     77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] ole32.dll!CoGetClassObject                                                                       775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] SHELL32.dll!ShellExecuteExW                                                                      7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] SHELL32.dll!ShellExecuteEx                                                                       7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] SHELL32.dll!ShellExecuteA                                                                        7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\spoolsv.exe[1928] SHELL32.dll!ShellExecuteW                                                                        7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtClose                                                                                7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtCreateFile                                                                           7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtCreateProcess                                                                        7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtCreateProcessEx                                                                      7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtDeleteFile                                                                           7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtFreeVirtualMemory                                                                    7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtLoadDriver                                                                           7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtOpenFile                                                                             7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtSetInformationProcess                                                                7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtUnloadDriver                                                                         7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!NtWriteVirtualMemory                                                                   7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!KiUserExceptionDispatcher                                                              7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!RtlAllocateHeap                                                                        7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!LdrLoadDll                                                                             7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!LdrUnloadDll                                                                           7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ntdll.dll!LdrGetProcedureAddress                                                                 7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateFileA                                                                         7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!VirtualProtect                                                                      7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!LoadLibraryExW                                                                      7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!LoadLibraryExA                                                                      7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!LoadLibraryA                                                                        7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateProcessW                                                                      7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateProcessA                                                                      7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!GetProcAddress                                                                      7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!LoadLibraryW                                                                        7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!GetModuleHandleA                                                                    7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!GetModuleHandleW                                                                    7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CreateFileW                                                                         7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!MoveFileWithProgressW                                                               7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!MoveFileW                                                                           7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!OpenFile                                                                            7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!OpenFile + 3                                                                        7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CopyFileExW                                                                         7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CopyFileA                                                                           7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CopyFileW                                                                           7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!DeleteFileA                                                                         7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!DeleteFileW                                                                         7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!MoveFileExW                                                                         7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!MoveFileA                                                                           7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!MoveFileWithProgressA                                                               7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!MoveFileExA                                                                         7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!CopyFileExA                                                                         7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!WinExec                                                                             7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] kernel32.dll!LoadModule                                                                          7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!OpenServiceW                                                                        77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!OpenServiceA                                                                        77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!CreateServiceA                                                                      77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ADVAPI32.dll!CreateServiceW                                                                      77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!EndTask                                                                               7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!mouse_event                                                                           7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] USER32.dll!keybd_event                                                                           7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] GDI32.dll!BitBlt                                                                                 77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] GDI32.dll!CreateDCA                                                                              77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] GDI32.dll!CreateDCW                                                                              77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ole32.dll!CoCreateInstanceEx                                                                     77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] ole32.dll!CoGetClassObject                                                                       775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] SHELL32.dll!ShellExecuteExW                                                                      7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] SHELL32.dll!ShellExecuteEx                                                                       7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] SHELL32.dll!ShellExecuteA                                                                        7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[1996] SHELL32.dll!ShellExecuteW                                                                        7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtClose                                                                                7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtCreateFile                                                                           7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtCreateProcess                                                                        7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtCreateProcessEx                                                                      7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtDeleteFile                                                                           7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtFreeVirtualMemory                                                                    7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtLoadDriver                                                                           7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtOpenFile                                                                             7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtSetInformationProcess                                                                7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtUnloadDriver                                                                         7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtWriteVirtualMemory                                                                   7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!KiUserExceptionDispatcher                                                              7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!RtlAllocateHeap                                                                        7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!LdrLoadDll                                                                             7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!LdrUnloadDll                                                                           7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!LdrGetProcedureAddress                                                                 7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CreateFileA                                                                         7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!VirtualProtect                                                                      7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!LoadLibraryExW                                                                      7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!LoadLibraryExA                                                                      7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!LoadLibraryA                                                                        7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CreateProcessW                                                                      7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CreateProcessA                                                                      7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!GetProcAddress                                                                      7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!LoadLibraryW                                                                        7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!GetModuleHandleA                                                                    7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!GetModuleHandleW                                                                    7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CreateFileW                                                                         7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!MoveFileWithProgressW                                                               7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!MoveFileW                                                                           7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!OpenFile                                                                            7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!OpenFile + 3                                                                        7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CopyFileExW                                                                         7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CopyFileA                                                                           7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CopyFileW                                                                           7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!DeleteFileA                                                                         7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!DeleteFileW                                                                         7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!MoveFileExW                                                                         7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!MoveFileA                                                                           7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!MoveFileWithProgressA                                                               7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!MoveFileExA                                                                         7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!CopyFileExA                                                                         7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!WinExec                                                                             7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] kernel32.dll!LoadModule                                                                          7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ADVAPI32.dll!OpenServiceW                                                                        77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ADVAPI32.dll!OpenServiceA                                                                        77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ADVAPI32.dll!CreateServiceA                                                                      77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ADVAPI32.dll!CreateServiceW                                                                      77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] USER32.dll!EndTask                                                                               7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] USER32.dll!mouse_event                                                                           7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] USER32.dll!keybd_event                                                                           7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] GDI32.dll!BitBlt                                                                                 77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] GDI32.dll!CreateDCA                                                                              77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] GDI32.dll!CreateDCW                                                                              77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ole32.dll!CoCreateInstanceEx                                                                     77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] ole32.dll!CoGetClassObject                                                                       775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] SHELL32.dll!ShellExecuteExW                                                                      7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] SHELL32.dll!ShellExecuteEx                                                                       7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] SHELL32.dll!ShellExecuteA                                                                        7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\svchost.exe[2544] SHELL32.dll!ShellExecuteW                                                                        7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtAllocateVirtualMemory                                                                    7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtClose                                                                                    7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtCreateFile                                                                               7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtCreateProcess                                                                            7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtCreateProcessEx                                                                          7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtDeleteFile                                                                               7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtFreeVirtualMemory                                                                        7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtLoadDriver                                                                               7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtOpenFile                                                                                 7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtProtectVirtualMemory                                                                     7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtSetInformationProcess                                                                    7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtUnloadDriver                                                                             7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!NtWriteVirtualMemory                                                                       7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!KiUserExceptionDispatcher                                                                  7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!RtlAllocateHeap                                                                            7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrLoadDll                                                                                 7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrUnloadDll                                                                               7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ntdll.dll!LdrGetProcedureAddress                                                                     7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CreateFileA                                                                             7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!VirtualProtect                                                                          7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!LoadLibraryExW                                                                          7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!LoadLibraryExA                                                                          7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!LoadLibraryA                                                                            7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CreateProcessW                                                                          7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CreateProcessA                                                                          7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!GetProcAddress                                                                          7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!LoadLibraryW                                                                            7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!GetModuleHandleA                                                                        7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!GetModuleHandleW                                                                        7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CreateFileW                                                                             7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileWithProgressW                                                                   7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileW                                                                               7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!OpenFile                                                                                7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!OpenFile + 3                                                                            7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CopyFileExW                                                                             7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CopyFileA                                                                               7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CopyFileW                                                                               7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!DeleteFileA                                                                             7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!DeleteFileW                                                                             7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileExW                                                                             7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileA                                                                               7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileWithProgressA                                                                   7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!MoveFileExA                                                                             7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!CopyFileExA                                                                             7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!WinExec                                                                                 7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] kernel32.dll!LoadModule                                                                              7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] USER32.dll!EndTask                                                                                   7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] USER32.dll!mouse_event                                                                               7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] USER32.dll!keybd_event                                                                               7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] GDI32.dll!BitBlt                                                                                     77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] GDI32.dll!CreateDCA                                                                                  77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] GDI32.dll!CreateDCW                                                                                  77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!OpenServiceW                                                                            77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!OpenServiceA                                                                            77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateServiceA                                                                          77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ADVAPI32.dll!CreateServiceW                                                                          77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ole32.dll!CoCreateInstanceEx                                                                         77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] ole32.dll!CoGetClassObject                                                                           775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] WS2_32.dll!WSASocketW                                                                                71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] WS2_32.dll!WSASocketA                                                                                71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] SHELL32.dll!ShellExecuteExW                                                                          7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] SHELL32.dll!ShellExecuteEx                                                                           7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] SHELL32.dll!ShellExecuteA                                                                            7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\System32\alg.exe[2688] SHELL32.dll!ShellExecuteW                                                                            7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\System32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtAllocateVirtualMemory                                                                7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtClose                                                                                7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtCreateFile                                                                           7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtCreateProcess                                                                        7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtCreateProcessEx                                                                      7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtDeleteFile                                                                           7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtFreeVirtualMemory                                                                    7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtLoadDriver                                                                           7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtOpenFile                                                                             7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtProtectVirtualMemory                                                                 7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtSetInformationProcess                                                                7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtUnloadDriver                                                                         7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!NtWriteVirtualMemory                                                                   7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!KiUserExceptionDispatcher                                                              7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!RtlAllocateHeap                                                                        7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!LdrLoadDll                                                                             7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!LdrUnloadDll                                                                           7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ntdll.dll!LdrGetProcedureAddress                                                                 7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!CreateFileA                                                                         7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!VirtualProtect                                                                      7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!LoadLibraryExW                                                                      7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!LoadLibraryExA                                                                      7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!LoadLibraryA                                                                        7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!CreateProcessW                                                                      7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!CreateProcessA                                                                      7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!GetProcAddress                                                                      7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!LoadLibraryW                                                                        7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!GetModuleHandleA                                                                    7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!GetModuleHandleW                                                                    7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!CreateFileW                                                                         7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!MoveFileWithProgressW                                                               7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!MoveFileW                                                                           7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!OpenFile                                                                            7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!OpenFile + 3                                                                        7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!CopyFileExW                                                                         7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!CopyFileA                                                                           7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!CopyFileW                                                                           7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!DeleteFileA                                                                         7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!DeleteFileW                                                                         7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!MoveFileExW                                                                         7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!MoveFileA                                                                           7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!MoveFileWithProgressA                                                               7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!MoveFileExA                                                                         7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!CopyFileExA                                                                         7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!WinExec                                                                             7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] kernel32.dll!LoadModule                                                                          7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] USER32.dll!EndTask                                                                               7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] USER32.dll!mouse_event                                                                           7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] USER32.dll!keybd_event                                                                           7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] GDI32.dll!BitBlt                                                                                 77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] GDI32.dll!CreateDCA                                                                              77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] GDI32.dll!CreateDCW                                                                              77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] SHELL32.dll!ShellExecuteExW                                                                      7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] SHELL32.dll!ShellExecuteEx                                                                       7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] SHELL32.dll!ShellExecuteA                                                                        7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] SHELL32.dll!ShellExecuteW                                                                        7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ADVAPI32.dll!OpenServiceW                                                                        77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ADVAPI32.dll!OpenServiceA                                                                        77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ADVAPI32.dll!CreateServiceA                                                                      77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ADVAPI32.dll!CreateServiceW                                                                      77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ole32.dll!CoCreateInstanceEx                                                                     77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\WINDOWS\system32\wscntfy.exe[2700] ole32.dll!CoGetClassObject                                                                       775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtAllocateVirtualMemory                                         7C90CF6E 5 Bytes  JMP 01111950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtClose                                                         7C90CFEE 5 Bytes  JMP 01117210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtCreateFile                                                    7C90D0AE 5 Bytes  JMP 011118D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtCreateProcess                                                 7C90D14E 5 Bytes  JMP 01111890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtCreateProcessEx                                               7C90D15E 5 Bytes  JMP 011119B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtDeleteFile                                                    7C90D23E 5 Bytes  JMP 01111910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtFreeVirtualMemory                                             7C90D38E 5 Bytes  JMP 01111A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtLoadDriver                                                    7C90D46E 5 Bytes  JMP 01111970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtOpenFile                                                      7C90D59E 5 Bytes  JMP 011118F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtProtectVirtualMemory                                          7C90D6EE 5 Bytes  JMP 01111930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtSetInformationProcess                                         7C90DC9E 5 Bytes  JMP 011119D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtUnloadDriver                                                  7C90DEBE 5 Bytes  JMP 01111990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!NtWriteVirtualMemory                                            7C90DFAE 5 Bytes  JMP 011118B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!KiUserExceptionDispatcher                                       7C90E47C 7 Bytes  JMP 01112240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!RtlAllocateHeap                                                 7C9100C4 5 Bytes  JMP 01111A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!LdrLoadDll                                                      7C9163C3 5 Bytes  JMP 011131B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!LdrUnloadDll                                                    7C91738B 5 Bytes  JMP 01117140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ntdll.dll!LdrGetProcedureAddress                                          7C917EA8 5 Bytes  JMP 011119F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!CreateFileA                                                  7C801A28 5 Bytes  JMP 01111B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!VirtualProtect                                               7C801AD4 5 Bytes  JMP 01111D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!LoadLibraryExW                                               7C801AF5 7 Bytes  JMP 01111AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!LoadLibraryExA                                               7C801D53 5 Bytes  JMP 01111AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!LoadLibraryA                                                 7C801D7B 5 Bytes  JMP 01111D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!CreateProcessW                                               7C802336 5 Bytes  JMP 01111A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!CreateProcessA                                               7C80236B 5 Bytes  JMP 01111A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!GetProcAddress                                               7C80AE40 5 Bytes  JMP 01111A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!LoadLibraryW                                                 7C80AEEB 5 Bytes  JMP 01111D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!GetModuleHandleA                                             7C80B741 5 Bytes  JMP 01111CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!GetModuleHandleW                                             7C80E4DD 5 Bytes  JMP 01111D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!CreateFileW                                                  7C810800 5 Bytes  JMP 01111B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!MoveFileWithProgressW                                        7C81F72E 5 Bytes  JMP 01111C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!MoveFileW                                                    7C821261 5 Bytes  JMP 01111C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!OpenFile                                                     7C821982 2 Bytes  JMP 01111B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!OpenFile + 3                                                 7C821985 2 Bytes  [8F, 84]
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!CopyFileExW                                                  7C827B32 7 Bytes  JMP 01111BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!CopyFileA                                                    7C8286EE 5 Bytes  JMP 01111B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!CopyFileW                                                    7C82F87B 5 Bytes  JMP 01111B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!DeleteFileA                                                  7C831EDD 5 Bytes  JMP 01111CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!DeleteFileW                                                  7C831F63 5 Bytes  JMP 01111CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!MoveFileExW                                                  7C83568B 5 Bytes  JMP 01111C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!MoveFileA                                                    7C835EBF 5 Bytes  JMP 01111BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!MoveFileWithProgressA                                        7C835EDE 5 Bytes  JMP 01111C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!MoveFileExA                                                  7C85E49B 3 Bytes  JMP 01111C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!MoveFileExA + 4                                              7C85E49F 1 Byte  [84]
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!CopyFileExA                                                  7C85F39C 3 Bytes  JMP 01111BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!CopyFileExA + 4                                              7C85F3A0 1 Byte  [84]
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!WinExec                                                      7C86250D 5 Bytes  JMP 01111D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] kernel32.dll!LoadModule                                                   7C86261E 5 Bytes  JMP 01111AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] WS2_32.dll!WSASocketW                                                     71AB404E 7 Bytes  JMP 01111E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] WS2_32.dll!WSASocketA                                                     71AB8B6A 5 Bytes  JMP 01111E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ADVAPI32.dll!OpenServiceW                                                 77DE6FFD 7 Bytes  JMP 01111480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ADVAPI32.dll!OpenServiceA                                                 77DF4C66 7 Bytes  JMP 01111640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ADVAPI32.dll!CreateServiceA                                               77E37211 7 Bytes  JMP 01111000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ADVAPI32.dll!CreateServiceW                                               77E373A9 7 Bytes  JMP 01111250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] USER32.dll!EndTask                                                        7E45A0A5 5 Bytes  JMP 01116E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] USER32.dll!mouse_event                                                    7E46673F 5 Bytes  JMP 01112CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] USER32.dll!keybd_event                                                    7E466783 5 Bytes  JMP 01112B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] GDI32.dll!BitBlt                                                          77F16F79 5 Bytes  JMP 01112E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] GDI32.dll!CreateDCA                                                       77F1B7D2 5 Bytes  JMP 01112840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] GDI32.dll!CreateDCW                                                       77F1BE38 5 Bytes  JMP 011129D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ole32.dll!CoCreateInstanceEx                                              77500526 5 Bytes  JMP 01116B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] ole32.dll!CoGetClassObject                                                775156C5 5 Bytes  JMP 01116C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] SHELL32.dll!ShellExecuteExW                                               7CA0996B 5 Bytes  JMP 01111E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] SHELL32.dll!ShellExecuteEx                                                7CA40EB5 5 Bytes  JMP 01111DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] SHELL32.dll!ShellExecuteA                                                 7CA411E0 5 Bytes  JMP 01111DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\TVersity\Media Server\MediaServer.exe[2708] SHELL32.dll!ShellExecuteW                                                 7CAB5D48 5 Bytes  JMP 01111DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtAllocateVirtualMemory                                                   7C90CF6E 5 Bytes  JMP 01071950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtClose                                                                   7C90CFEE 5 Bytes  JMP 01077210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtCreateFile                                                              7C90D0AE 5 Bytes  JMP 010718D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtCreateProcess                                                           7C90D14E 5 Bytes  JMP 01071890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtCreateProcessEx                                                         7C90D15E 5 Bytes  JMP 010719B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtDeleteFile                                                              7C90D23E 5 Bytes  JMP 01071910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtFreeVirtualMemory                                                       7C90D38E 5 Bytes  JMP 01071A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtLoadDriver                                                              7C90D46E 5 Bytes  JMP 01071970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtOpenFile                                                                7C90D59E 5 Bytes  JMP 010718F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtProtectVirtualMemory                                                    7C90D6EE 5 Bytes  JMP 01071930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtSetInformationProcess                                                   7C90DC9E 5 Bytes  JMP 010719D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtUnloadDriver                                                            7C90DEBE 5 Bytes  JMP 01071990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!NtWriteVirtualMemory                                                      7C90DFAE 5 Bytes  JMP 010718B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!KiUserExceptionDispatcher                                                 7C90E47C 7 Bytes  JMP 01072240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!RtlAllocateHeap                                                           7C9100C4 5 Bytes  JMP 01071A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!LdrLoadDll                                                                7C9163C3 5 Bytes  JMP 010731B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!LdrUnloadDll                                                              7C91738B 5 Bytes  JMP 01077140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ntdll.dll!LdrGetProcedureAddress                                                    7C917EA8 5 Bytes  JMP 010719F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!CreateFileA                                                            7C801A28 5 Bytes  JMP 01071B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!VirtualProtect                                                         7C801AD4 5 Bytes  JMP 01071D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!LoadLibraryExW                                                         7C801AF5 7 Bytes  JMP 01071AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!LoadLibraryExA                                                         7C801D53 5 Bytes  JMP 01071AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!LoadLibraryA                                                           7C801D7B 5 Bytes  JMP 01071D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!CreateProcessW                                                         7C802336 5 Bytes  JMP 01071A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!CreateProcessA                                                         7C80236B 5 Bytes  JMP 01071A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!GetProcAddress                                                         7C80AE40 5 Bytes  JMP 01071A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!LoadLibraryW                                                           7C80AEEB 5 Bytes  JMP 01071D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!GetModuleHandleA                                                       7C80B741 5 Bytes  JMP 01071CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!GetModuleHandleW                                                       7C80E4DD 5 Bytes  JMP 01071D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!CreateFileW                                                            7C810800 5 Bytes  JMP 01071B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!MoveFileWithProgressW                                                  7C81F72E 5 Bytes  JMP 01071C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!MoveFileW                                                              7C821261 5 Bytes  JMP 01071C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!OpenFile                                                               7C821982 2 Bytes  JMP 01071B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!OpenFile + 3                                                           7C821985 2 Bytes  [85, 84]
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!CopyFileExW                                                            7C827B32 7 Bytes  JMP 01071BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!CopyFileA                                                              7C8286EE 5 Bytes  JMP 01071B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!CopyFileW                                                              7C82F87B 5 Bytes  JMP 01071B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!DeleteFileA                                                            7C831EDD 5 Bytes  JMP 01071CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!DeleteFileW                                                            7C831F63 5 Bytes  JMP 01071CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!MoveFileExW                                                            7C83568B 5 Bytes  JMP 01071C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!MoveFileA                                                              7C835EBF 5 Bytes  JMP 01071BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!MoveFileWithProgressA                                                  7C835EDE 5 Bytes  JMP 01071C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!MoveFileExA                                                            7C85E49B 5 Bytes  JMP 01071C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!CopyFileExA                                                            7C85F39C 5 Bytes  JMP 01071BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!WinExec                                                                7C86250D 5 Bytes  JMP 01071D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] kernel32.dll!LoadModule                                                             7C86261E 5 Bytes  JMP 01071AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ADVAPI32.dll!OpenServiceW                                                           77DE6FFD 7 Bytes  JMP 01071480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ADVAPI32.dll!OpenServiceA                                                           77DF4C66 7 Bytes  JMP 01071640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ADVAPI32.dll!CreateServiceA                                                         77E37211 7 Bytes  JMP 01071000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ADVAPI32.dll!CreateServiceW                                                         77E373A9 7 Bytes  JMP 01071250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] WS2_32.dll!WSASocketW                                                               71AB404E 7 Bytes  JMP 01071E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] WS2_32.dll!WSASocketA                                                               71AB8B6A 5 Bytes  JMP 01071E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] GDI32.dll!BitBlt                                                                    77F16F79 5 Bytes  JMP 01072E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] GDI32.dll!CreateDCA                                                                 77F1B7D2 5 Bytes  JMP 01072840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] GDI32.dll!CreateDCW                                                                 77F1BE38 5 Bytes  JMP 010729D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] USER32.dll!EndTask                                                                  7E45A0A5 5 Bytes  JMP 01076E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] USER32.dll!mouse_event                                                              7E46673F 5 Bytes  JMP 01072CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] USER32.dll!keybd_event                                                              7E466783 5 Bytes  JMP 01072B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] SHELL32.dll!ShellExecuteExW                                                         7CA0996B 5 Bytes  JMP 01071E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] SHELL32.dll!ShellExecuteEx                                                          7CA40EB5 5 Bytes  JMP 01071DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] SHELL32.dll!ShellExecuteA                                                           7CA411E0 5 Bytes  JMP 01071DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] SHELL32.dll!ShellExecuteW                                                           7CAB5D48 5 Bytes  JMP 01071DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ole32.dll!CoCreateInstanceEx                                                        77500526 5 Bytes  JMP 01076B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] ole32.dll!CoGetClassObject                                                          775156C5 5 Bytes  JMP 01076C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] WININET.dll!InternetConnectA                                                        3D94DEAE 5 Bytes  JMP 01071E30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Mozilla Firefox\firefox.exe[3084] WININET.dll!InternetConnectW                                                        3D94F862 5 Bytes  JMP 01071E50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtAllocateVirtualMemory                                             7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtClose                                                             7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtCreateFile                                                        7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtCreateProcess                                                     7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtCreateProcessEx                                                   7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtDeleteFile                                                        7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtFreeVirtualMemory                                                 7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtLoadDriver                                                        7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtOpenFile                                                          7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtProtectVirtualMemory                                              7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtSetInformationProcess                                             7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtUnloadDriver                                                      7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!NtWriteVirtualMemory                                                7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!KiUserExceptionDispatcher                                           7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!RtlAllocateHeap                                                     7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!LdrLoadDll                                                          7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!LdrUnloadDll                                                        7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ntdll.dll!LdrGetProcedureAddress                                              7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!CreateFileA                                                      7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!VirtualProtect                                                   7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!LoadLibraryExW                                                   7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!LoadLibraryExA                                                   7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!LoadLibraryA                                                     7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!CreateProcessW                                                   7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!CreateProcessA                                                   7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!GetProcAddress                                                   7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!LoadLibraryW                                                     7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!GetModuleHandleA                                                 7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!GetModuleHandleW                                                 7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!CreateFileW                                                      7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!MoveFileWithProgressW                                            7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!MoveFileW                                                        7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!OpenFile                                                         7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!OpenFile + 3                                                     7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!CopyFileExW                                                      7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!CopyFileA                                                        7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!CopyFileW                                                        7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!DeleteFileA                                                      7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!DeleteFileW                                                      7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!MoveFileExW                                                      7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!MoveFileA                                                        7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!MoveFileWithProgressA                                            7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!MoveFileExA                                                      7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!CopyFileExA                                                      7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!WinExec                                                          7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] kernel32.dll!LoadModule                                                       7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ADVAPI32.dll!OpenServiceW                                                     77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ADVAPI32.dll!OpenServiceA                                                     77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ADVAPI32.dll!CreateServiceA                                                   77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ADVAPI32.dll!CreateServiceW                                                   77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] USER32.dll!EndTask                                                            7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] USER32.dll!mouse_event                                                        7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] USER32.dll!keybd_event                                                        7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] GDI32.dll!BitBlt                                                              77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] GDI32.dll!CreateDCA                                                           77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] GDI32.dll!CreateDCW                                                           77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ole32.dll!CoCreateInstanceEx                                                  77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] ole32.dll!CoGetClassObject                                                    775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] WS2_32.dll!WSASocketW                                                         71AB404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] WS2_32.dll!WSASocketA                                                         71AB8B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] SHELL32.dll!ShellExecuteExW                                                   7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] SHELL32.dll!ShellExecuteEx                                                    7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] SHELL32.dll!ShellExecuteA                                                     7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Program Files\Windows Media Player\WMPNetwk.exe[4088] SHELL32.dll!ShellExecuteW                                                     7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtAllocateVirtualMemory                            7C90CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtClose                                            7C90CFEE 5 Bytes  JMP 10007210 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtCreateFile                                       7C90D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtCreateProcess                                    7C90D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtCreateProcessEx                                  7C90D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtDeleteFile                                       7C90D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtFreeVirtualMemory                                7C90D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtLoadDriver                                       7C90D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtOpenFile                                         7C90D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtProtectVirtualMemory                             7C90D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtSetInformationProcess                            7C90DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtUnloadDriver                                     7C90DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!NtWriteVirtualMemory                               7C90DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!KiUserExceptionDispatcher                          7C90E47C 7 Bytes  JMP 10002240 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!RtlAllocateHeap                                    7C9100C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!LdrLoadDll                                         7C9163C3 5 Bytes  JMP 100031B0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!LdrUnloadDll                                       7C91738B 5 Bytes  JMP 10007140 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ntdll.dll!LdrGetProcedureAddress                             7C917EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!CreateFileA                                     7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!VirtualProtect                                  7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!LoadLibraryExW                                  7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!LoadLibraryExA                                  7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!LoadLibraryA                                    7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!CreateProcessW                                  7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!CreateProcessA                                  7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!GetProcAddress                                  7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!LoadLibraryW                                    7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!GetModuleHandleA                                7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!GetModuleHandleW                                7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!CreateFileW                                     7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!MoveFileWithProgressW                           7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!MoveFileW                                       7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!OpenFile                                        7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!OpenFile + 3                                    7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!CopyFileExW                                     7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!CopyFileA                                       7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!CopyFileW                                       7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!DeleteFileA                                     7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!DeleteFileW                                     7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!MoveFileExW                                     7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!MoveFileA                                       7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!MoveFileWithProgressA                           7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!MoveFileExA                                     7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!CopyFileExA                                     7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!WinExec                                         7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] kernel32.dll!LoadModule                                      7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] USER32.dll!EndTask                                           7E45A0A5 5 Bytes  JMP 10006E00 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] USER32.dll!mouse_event                                       7E46673F 5 Bytes  JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] USER32.dll!keybd_event                                       7E466783 5 Bytes  JMP 10002B60 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] GDI32.dll!BitBlt                                             77F16F79 5 Bytes  JMP 10002E70 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] GDI32.dll!CreateDCA                                          77F1B7D2 5 Bytes  JMP 10002840 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] GDI32.dll!CreateDCW                                          77F1BE38 5 Bytes  JMP 100029D0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ole32.dll!CoCreateInstanceEx                                 77500526 5 Bytes  JMP 10006B10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ole32.dll!CoGetClassObject                                   775156C5 5 Bytes  JMP 10006C90 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ADVAPI32.dll!OpenServiceW                                    77DE6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ADVAPI32.dll!OpenServiceA                                    77DF4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ADVAPI32.dll!CreateServiceA                                  77E37211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] ADVAPI32.dll!CreateServiceW                                  77E373A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] shell32.dll!ShellExecuteExW                                  7CA0996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] shell32.dll!ShellExecuteEx                                   7CA40EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] shell32.dll!ShellExecuteA                                    7CA411E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
    .text           C:\Documents and Settings\Admin\My Documents\Downloads\37ivy1cu.exe[4352] shell32.dll!ShellExecuteW                                    7CAB5D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
    
    ---- Kernel IAT/EAT - GMER 1.0.15 ----
    
    IAT             \SystemRoot\system32\DRIVERS\bridge.sys[NDIS.SYS!NdisRegisterProtocol]                                                                 [F73DF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\system32\DRIVERS\bridge.sys[NDIS.SYS!NdisOpenAdapter]                                                                      [F73DF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\system32\DRIVERS\bridge.sys[NDIS.SYS!NdisCloseAdapter]                                                                     [F73DF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\system32\DRIVERS\bridge.sys[NDIS.SYS!NdisDeregisterProtocol]                                                               [F73DF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]                                                                    [F73DF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]                                                                     [F73DF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]                                                              [F73DF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]                                                                [F73DF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                                                               [F73DF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                                                    [F73DF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                                                   [F73DF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                                                             [F73DF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                                                               [F73DF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                                                                 [F73DF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                                                      [F73DF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                                                     [F73DF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                                                                [F73DF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                                                              [F73DF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                                                    [F73DF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                                                     [F73DF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                                                      [F73DF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                                                       [F73DF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                                                  [F73DF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                                                               [F73DF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                                                                 [F73DF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                                                      [F73DF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                                                     [F73DF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter]                                                                    [F73DF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter]                                                                     [F73DF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol]                                                              [F73DF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol]                                                                [F73DF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                                                                [F73DF950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                                                              [F73DF990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                                                    [F73DF710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                                                     [F73DF770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    
    ---- Devices - GMER 1.0.15 ----
    
    Device                                                                                                                                                 Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device                                                                                                                                                 Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
    
    AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                               cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                              cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                              cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                            cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    
    Device                                                                                                                                                 mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device                                                                                                                                                 Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
    
    ---- Services - GMER 1.0.15 ----
    
    Service         C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                      [AUTO] kkohnpj                                                                                                                                                                                                                   <-- ROOTKIT !!!
    Service         C:\WINDOWS\system32\svchost.exe (*** hidden *** )                                                                                      [AUTO] odozeauk                                                                                                                                                                                                                  <-- ROOTKIT !!!
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj@DisplayName                                                                             Time Security
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj@Type                                                                                    32
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj@Start                                                                                   2
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj@ErrorControl                                                                            0
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj@ImagePath                                                                               %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj@ObjectName                                                                              LocalSystem
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj@Description                                                                             Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj\Parameters                                                                              
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj\Parameters@ServiceDll                                                                   C:\WINDOWS\system32\nxhsekli.dll
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\odozeauk@DisplayName                                                                            Windows Installer
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\odozeauk@Type                                                                                   32
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\odozeauk@Start                                                                                  2
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\odozeauk@ErrorControl                                                                           0
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\odozeauk@ImagePath                                                                              %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\odozeauk@ObjectName                                                                             LocalSystem
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\odozeauk@Description                                                                            Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\odozeauk\Parameters                                                                             
    Reg             HKLM\SYSTEM\CurrentControlSet\Services\odozeauk\Parameters@ServiceDll                                                                  C:\WINDOWS\system32\nxhsekli.dll
    Reg             HKLM\SYSTEM\ControlSet002\Services\kkohnpj@DisplayName                                                                                 Time Security
    Reg             HKLM\SYSTEM\ControlSet002\Services\kkohnpj@Type                                                                                        32
    Reg             HKLM\SYSTEM\ControlSet002\Services\kkohnpj@Start                                                                                       2
    Reg             HKLM\SYSTEM\ControlSet002\Services\kkohnpj@ErrorControl                                                                                0
    Reg             HKLM\SYSTEM\ControlSet002\Services\kkohnpj@ImagePath                                                                                   %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg             HKLM\SYSTEM\ControlSet002\Services\kkohnpj@ObjectName                                                                                  LocalSystem
    Reg             HKLM\SYSTEM\ControlSet002\Services\kkohnpj@Description                                                                                 Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
    Reg             HKLM\SYSTEM\ControlSet002\Services\kkohnpj\Parameters (not active ControlSet)                                                          
    Reg             HKLM\SYSTEM\ControlSet002\Services\kkohnpj\Parameters@ServiceDll                                                                       C:\WINDOWS\system32\nxhsekli.dll
    Reg             HKLM\SYSTEM\ControlSet002\Services\odozeauk@DisplayName                                                                                Windows Installer
    Reg             HKLM\SYSTEM\ControlSet002\Services\odozeauk@Type                                                                                       32
    Reg             HKLM\SYSTEM\ControlSet002\Services\odozeauk@Start                                                                                      2
    Reg             HKLM\SYSTEM\ControlSet002\Services\odozeauk@ErrorControl                                                                               0
    Reg             HKLM\SYSTEM\ControlSet002\Services\odozeauk@ImagePath                                                                                  %SystemRoot%\system32\svchost.exe -k netsvcs
    Reg             HKLM\SYSTEM\ControlSet002\Services\odozeauk@ObjectName                                                                                 LocalSystem
    Reg             HKLM\SYSTEM\ControlSet002\Services\odozeauk@Description                                                                                Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
    Reg             HKLM\SYSTEM\ControlSet002\Services\odozeauk\Parameters (not active ControlSet)                                                         
    Reg             HKLM\SYSTEM\ControlSet002\Services\odozeauk\Parameters@ServiceDll                                                                      C:\WINDOWS\system32\nxhsekli.dll
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SUPER                                                           
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SUPER @SlowInfoCache                                            0x28 0x02 0x00 0x00 ...
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SUPER @Changed                                                  0
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER                                                                         
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @DisplayName                                                            SUPER ? Version 2009.bld.35 (Jan 5, 2009)
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @UninstallString                                                        C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @InstallDate                                                            2009-01-27 20:22:53
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @InstallLocation                                                        C:\Program Files\eRightSoft\SUPER
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @InstallSource                                                          G:
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @DisplayIcon                                                            C:\Program Files\eRightSoft\SUPER\SUPER.exe
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @DisplayVersion                                                         Version 2009.bld.35 (Jan 5, 2009)
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @VersionMajor                                                           0
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @VersionMinor                                                           0
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @Publisher                                                              eRightSoft
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @HelpLink                                                               http://www.eRightSoft.com
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @URLInfoAbout                                                           http://www.eRightSoft.com
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @URLUpdateInfo                                                          http://www.eRightSoft.com
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SUPER @Contact                                                                support@eRightSoft.com
    Reg             HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter                        
    Reg             HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName           Indeo? video 5.10 Compression Filter
    Reg             HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID                  {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
    Reg             HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData             0x02 0x00 0x00 0x00 ...
    Reg             HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType            1
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SUPER ?Version 2009.bld.35 (Jan 5, 2009)        
    Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\SUPER ?Version 2009.bld.35 (Jan 5, 2009)@Order  0x08 0x00 0x00 0x00 ...

  4. #4
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.949

    Re: random freezes, strange autorun

    Do yourself a good deed and uninstall that Messenger Plus! Live software. Although it might bring a few extra items, it is the installer for its very aggressive Lop adware, and leaves your system sending/receiving traffic with an adware vendor's servers.

    Comodo has "hooks" in everything there, but the Gmer info you were able to get does show some rootkit activity loading as legit services. Be sure to get Comodo disabled while doing these steps though.


    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

    Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As" ). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.

    Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
    Live the day!

    Jintan - The brand where everything is right!
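
The pattern the reply above points to in the GMER output (hidden services hosted by svchost.exe that borrow a legitimate display name and share one ServiceDll) can be checked mechanically. This is an added example, not part of the original thread; the `Schedule` lines and the two-entry display-name baseline are constructed assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the GMER log on this page (column padding shortened).
# The three "Schedule" lines are constructed here as a benign contrast.
SAMPLE_LOG = r"""
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] kkohnpj  <-- ROOTKIT !!!
Service  C:\WINDOWS\system32\svchost.exe (*** hidden *** )  [AUTO] odozeauk  <-- ROOTKIT !!!
Reg  HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj@DisplayName  Time Security
Reg  HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj@ImagePath  %SystemRoot%\system32\svchost.exe -k netsvcs
Reg  HKLM\SYSTEM\CurrentControlSet\Services\kkohnpj\Parameters@ServiceDll  C:\WINDOWS\system32\nxhsekli.dll
Reg  HKLM\SYSTEM\CurrentControlSet\Services\odozeauk@DisplayName  Windows Installer
Reg  HKLM\SYSTEM\CurrentControlSet\Services\odozeauk@ImagePath  %SystemRoot%\system32\svchost.exe -k netsvcs
Reg  HKLM\SYSTEM\CurrentControlSet\Services\odozeauk\Parameters@ServiceDll  C:\WINDOWS\system32\nxhsekli.dll
Reg  HKLM\SYSTEM\ControlSet002\Services\odozeauk\Parameters (not active ControlSet)
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Schedule@DisplayName  Task Scheduler
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Schedule@ImagePath  %SystemRoot%\System32\svchost.exe -k netsvcs
Reg  HKLM\SYSTEM\CurrentControlSet\Services\Schedule\Parameters@ServiceDll  %SystemRoot%\system32\schedsvc.dll
"""

# Assumption: a tiny illustrative baseline of stock display names and the
# service key each one belongs to. A real baseline comes from a clean build.
STOCK_DISPLAY_NAMES = {
    "windows installer": "msiserver",
    "task scheduler": "schedule",
}

# "Service <image> (*** hidden *** ) [START] <name>" rows from the Services section.
HIDDEN_RE = re.compile(
    r"^\s*Service\s+.*\(\*\*\* hidden \*\*\* \)\s+\[\w+\]\s+(?P<svc>\S+)"
)
# "Reg HKLM\SYSTEM\<set>\Services\<name>[\Parameters]@<value>  <data>" rows.
REG_RE = re.compile(
    r"^\s*Reg\s+HKLM\\SYSTEM\\(?P<cs>[^\\\s]+)\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?:\\Parameters)?@(?P<val>\w+)\s+(?P<data>.*\S)"
)


def parse_gmer(text):
    """Return (hidden service names, {(controlset, service): {value: data}})."""
    hidden = set()
    services = defaultdict(dict)
    for line in text.splitlines():
        m = HIDDEN_RE.match(line)
        if m:
            hidden.add(m.group("svc").lower())
            continue
        m = REG_RE.match(line)
        if m:
            services[(m.group("cs"), m.group("svc"))][m.group("val")] = m.group("data")
    return hidden, services


def triage(text):
    """Map each suspicious service name to the sorted reasons it was flagged."""
    hidden, services = parse_gmer(text)

    # Which service keys load each ServiceDll (compared by file name).
    dll_users = defaultdict(set)
    for (_cs, svc), vals in services.items():
        if "ServiceDll" in vals:
            dll_users[ntpath.basename(vals["ServiceDll"]).lower()].add(svc.lower())

    findings = defaultdict(set)
    for (_cs, svc), vals in services.items():
        name = svc.lower()
        if name in hidden:
            findings[svc].add("hidden-service")
        dll = ntpath.basename(vals.get("ServiceDll", "")).lower()
        hosted = "svchost.exe" in vals.get("ImagePath", "").lower()
        if hosted and dll and len(dll_users[dll]) > 1:
            findings[svc].add("shared-servicedll")
        expected = STOCK_DISPLAY_NAMES.get(vals.get("DisplayName", "").lower())
        if expected and expected != name:
            findings[svc].add("displayname-mismatch")
    return {svc: sorted(reasons) for svc, reasons in findings.items()}


if __name__ == "__main__":
    for svc, reasons in triage(SAMPLE_LOG).items():
        print(f"{svc}: {', '.join(reasons)}")
```

A hit here is a lead for triage, not a verdict; the referenced DLL still has to be examined on its own.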

  5. #5
    Beginner
    Registered since
    03.01.2009
    Posts
    26

    Re: random freezes, strange autorun

    Thanks Jintan, I hope this is okay. I'm not sure if the program ran in Chinese because my language for non-unicode is set to Chinese at the moment.

    Code:
    ComboFix 09-11-29.02 - Admin 9/2009 Sun 19:32.1.1 - x86
    Microsoft Windows XP Professional  5.1.2600.3.936.86.1033.18.1023.651 [GMT -5:00]
    执行位置: c:\documents and settings\Admin\Desktop\456out.com.exe
    AV: COMODO Antivirus *On-access scanning disabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    
    (((((((((((((((((((((((((((((((((((((((   被删除的档案   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    c:\windows\system32\i
    c:\windows\system32\sstray.exe
    
    .
    (((((((((((((((((((((((((  2009-10-28 至 2009-11-30 的新的档案  )))))))))))))))))))))))))))))))
    .
    
    2009-11-28 17:23 . 2009-11-28 17:23	--------	d-----w-	c:\documents and settings\David\Application Data\Malwarebytes
    2009-11-19 05:07 . 2009-11-19 05:07	--------	d-sh--w-	c:\documents and settings\Admin\PrivacIE
    2009-11-16 02:57 . 2009-11-16 03:02	--------	d-----w-	c:\program files\ChinaCrossFire
    2009-11-16 02:56 . 2009-11-16 02:56	--------	d-----w-	c:\program files\???????·
    2009-11-16 02:05 . 2009-11-16 02:05	--------	d-----w-	c:\documents and settings\All Users\Application Data\Tencent
    2009-11-16 02:03 . 2009-11-16 02:53	--------	d-----w-	C:\Download
    2009-11-15 20:55 . 2009-11-15 20:55	--------	d-----w-	c:\documents and settings\David\Local Settings\Application Data\Identities
    2009-11-15 17:00 . 2009-11-28 18:23	91640	----a-w-	c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-11 04:07 . 2009-11-12 06:04	79488	----a-w-	c:\documents and settings\Admin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-09 02:20 . 2009-11-09 02:20	--------	d-----w-	C:\CFLog
    2009-11-09 02:19 . 2005-01-01 00:43	4682	----a-w-	c:\windows\system32\npptNT2.sys
    2009-11-09 02:19 . 2009-11-09 02:19	--------	d-----w-	c:\program files\Common Files\INCA Shared
    2009-11-09 02:15 . 2009-11-09 02:15	--------	d-----w-	c:\program files\Z8Games
    2009-11-04 08:00 . 2009-11-04 08:00	--------	d-----w-	c:\program files\MSXML 4.0
    2009-11-03 04:38 . 2009-11-03 04:38	--------	d-----w-	c:\documents and settings\LocalService\Application Data\Roxio
    2009-11-03 04:38 . 2009-11-03 04:38	--------	d-----w-	c:\documents and settings\Admin\Application Data\Roxio
    2009-11-03 03:52 . 2009-11-03 03:52	--------	d-----w-	c:\documents and settings\Admin\Application Data\InstallShield
    2009-11-03 03:52 . 2009-11-03 03:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\InstallShield
    2009-11-03 03:52 . 2009-11-03 03:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Sonic
    2009-11-03 03:48 . 2009-11-03 03:51	--------	d-----w-	c:\documents and settings\All Users\Application Data\Roxio
    2009-11-03 03:48 . 2009-11-03 03:48	--------	d-----w-	c:\program files\Common Files\Sonic Shared
    2009-11-03 03:48 . 2009-11-03 03:49	--------	d-----w-	c:\program files\Roxio
    2009-11-03 03:34 . 2009-11-03 03:34	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Research In Motion
    
    .
    ((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-30 00:37 . 2009-04-18 00:13	--------	d-----w-	c:\documents and settings\Admin\Application Data\DNA
    2009-11-30 00:17 . 2009-10-18 05:34	256	----a-w-	c:\windows\system32\pool.bin
    2009-11-30 00:17 . 2009-04-18 00:13	--------	d-----w-	c:\program files\DNA
    2009-11-29 12:42 . 2009-01-08 00:17	--------	d-----w-	c:\documents and settings\Admin\Application Data\uTorrent
    2009-11-28 07:52 . 2009-01-04 01:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2009-11-16 03:20 . 2009-01-06 00:07	91640	----a-w-	c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-16 02:56 . 2009-11-16 02:56	--------	d-----w-	c:\program files\???????·
    2009-11-16 02:05 . 2009-07-20 08:47	--------	d-----w-	c:\documents and settings\Admin\Application Data\Tencent
    2009-11-16 02:03 . 2009-07-20 08:48	--------	d-----w-	c:\program files\Tencent
    2009-11-15 14:04 . 2009-07-17 01:32	--------	d-----w-	c:\documents and settings\Admin\Application Data\FileZilla
    2009-11-15 14:04 . 2009-04-09 02:46	--------	d-----w-	c:\program files\FileZilla FTP Client
    2009-11-14 06:25 . 2009-09-24 06:24	--------	d-----w-	c:\documents and settings\Admin\Application Data\LimeWire
    2009-11-11 08:04 . 2009-01-10 03:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-11-03 03:49 . 2009-10-18 05:27	--------	d-----w-	c:\program files\Common Files\Roxio Shared
    2009-11-03 03:48 . 2009-01-03 20:23	--------	d-----w-	c:\program files\Common Files\InstallShield
    2009-10-20 13:01 . 2009-10-20 13:01	256	----a-w-	c:\documents and settings\Admin\pool.bin
    2009-10-19 17:00 . 2009-10-19 17:00	--------	d-----w-	c:\documents and settings\David\Application Data\Research In Motion
    2009-10-18 05:34 . 2009-10-18 05:34	--------	d-----w-	c:\documents and settings\Admin\Application Data\Research In Motion
    2009-10-18 05:29 . 2009-10-18 05:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\Research In Motion
    2009-10-18 05:29 . 2009-04-01 04:10	--------	d-----w-	c:\program files\Research In Motion
    2009-10-18 05:27 . 2009-04-01 04:10	--------	d-----w-	c:\program files\Common Files\Research In Motion
    2009-10-08 11:27 . 2009-01-04 02:46	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
    2009-10-08 11:27 . 2009-01-04 02:46	--------	d-----w-	c:\program files\SpywareBlaster
    2009-10-05 13:26 . 2009-10-05 13:20	--------	d-----w-	c:\documents and settings\Admin\Application Data\ImgBurn
    2009-10-02 12:35 . 2009-10-02 12:35	--------	d-----w-	c:\program files\Microsoft
    2009-10-02 04:25 . 2009-10-02 04:24	--------	d-----w-	c:\program files\TVersity Codec Pack
    2009-10-02 04:23 . 2009-10-02 04:23	--------	d-----w-	c:\program files\TVersity
    2009-09-11 14:18 . 2003-03-31 12:00	136192	----a-w-	c:\windows\system32\msv1_0.dll
    2009-09-10 19:54 . 2009-01-04 01:29	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 19:53 . 2009-01-04 01:29	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
    2009-09-04 21:03 . 2003-03-31 12:00	58880	----a-w-	c:\windows\system32\msasn1.dll
    2006-05-03 10:06 . 2009-01-28 01:22	163328	--sh--r-	c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2009-01-28 01:22	31232	--sh--r-	c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2009-01-28 01:22	216064	--sh--r-	c:\windows\system32\nbDX.dll
    2009-03-21 14:06 . 2003-03-31 12:00	161750	--sha-r-	c:\windows\system32\nxhsekli.dll
    .
    
    (((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白与合法缺省登录将不会被显示 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 4341760]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-28 1851128]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
    
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-7-1 1717592]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6477:TCP"= 6477:TCP:dfnrxnwl
    
    R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [1/3/2009 3:32 PM 84529]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [3/28/2009 8:20 AM 110992]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/28/2009 8:20 AM 24336]
    R3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [1/3/2009 3:48 PM 36960]
    S2 kkohnpj;Time Security;c:\windows\system32\svchost.exe -k netsvcs [3/31/2003 7:00 AM 14336]
    S2 odozeauk;Windows Installer;c:\windows\system32\svchost.exe -k netsvcs [3/31/2003 7:00 AM 14336]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 XDva214;XDva214;\??\c:\windows\system32\XDva214.sys --> c:\windows\system32\XDva214.sys [?]
    S3 XDva244;XDva244;\??\c:\windows\system32\XDva244.sys --> c:\windows\system32\XDva244.sys [?]
    S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
    S3 XDva272;XDva272;\??\c:\windows\system32\XDva272.sys --> c:\windows\system32\XDva272.sys [?]
    S3 XDva276;XDva276;\??\c:\windows\system32\XDva276.sys --> c:\windows\system32\XDva276.sys [?]
    S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
    S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
    S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
    odozeauk
    
    [HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]
    c:\windows\Fonts\wmsncs.exe
    .
    .
    ------- 而外的扫描 -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {3974BF2E-DE5B-4AE8-B99C-F1EAEB3879A4} = 207.164.234.193 207.164.234.129
    DPF: {FD490921-0C40-4BC2-8E47-59C61C4BA0BE} - hxxp://xtrap.wiselogic.co.kr/XTrapSecure.cab
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ei3y9wdu.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    
    ---- 火狐配置文件 ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    .
    ------- 文件类型 -------
    .
    txtfile=c:\windows\notepad.exe %1
    .
    - - - - ORPHANS REMOVED - - - -
    
    HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
    HKLM-Run-nForce Tray Options - sstray.exe
    AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
    AddRemove-′????e?? - c:\program files\ChinaCrossFire\′????e??D???.exe
    
    
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-29 19:43
    Windows 5.1.2600 Service Pack 3 NTFS
    
    detected NTDLL code modification:
    ZwClose, ZwOpenFile
    
    扫描被隐藏的进程 。。。  
    
    扫描被隐藏的启动组 。。。 
    
    扫描被隐藏的文件 。。。  
    
    扫描完成
    被隐藏的档案: 0
    
    **************************************************************************
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kkohnpj]
    "ServiceDll"="c:\windows\system32\nxhsekli.dll"
    --
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odozeauk]
    "ServiceDll"="c:\windows\system32\nxhsekli.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h杸|€|鶗A~*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""
    .
    --------------------- 运行进程下的动态链接库 ---------------------
    
    - - - - - - - > 'winlogon.exe'(864)
    c:\windows\system32\guard32.dll
    
    - - - - - - - > 'lsass.exe'(1084)
    c:\windows\system32\guard32.dll
    .
    完成时间: 2009-11-29 19:47
    ComboFix-quarantined-files.txt  2009-11-30 00:47
    
    Pre-Run: 63,923,118,080 bytes free
    Post-Run: 64,243,904,512 bytes free
    
    WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    
    - - End Of File - - 80CA68AFFBC4231CE9A7B25E0A96CDF9

  6. #6
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.949

    Re: random freezes, strange autorun

    The ComboFix author has done a very good job of incorporating different language models into ComboFix. I will need your help with these:

    扫描被隐藏的进程 。。。

    扫描被隐藏的启动组 。。。

    扫描被隐藏的文件 。。。

    扫描完成
    被隐藏的档案: 0


    And this shows as created about the same time a Tencent folder was created:

    c:\program files\???????·

    So might need to figure out what that is referring to. Tencent is fairly accepted in many Asian areas, but in other locations is considered major adware/spyware (me being one that agrees with that).

    Let's go ahead and act on what is showing now though.


    Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


    Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

    Code:
    KillAll::
    Driver::
    kkohnpj
    odozeauk
    Rootkit::
    c:\windows\Fonts\wmsncs.exe
    NetSvc::
    odozeauk
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{103L3C30-C3B3-4130-9363-E59E1375PERM}]

    Save this to your desktop as CFScript.txt


    You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

    ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    -----------

    Open and update Malwarebytes.

    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform quick scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
    * The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
    * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

    ---------------------

    Post that log and the C:\ComboFix.txt log please.
    Live the day!

    Jintan - the brand where everything is right!

  7. #7
    Beginner
    Registered since
    03.01.2009
    Posts
    26

    Re: random freezes, strange autorun

    Code:
    Scanning hidden processes...
    
    Scanning hidden startup group...
    
    Scanning hidden files...
    
    Scan is complete
    Hidden files: 0

    Oh, c:\program files\??????? is actually referring to the install directory for the Chinese version of Cross Fire, a game. I don't play it anymore though actually. So if it won't hinder our progress here, I'll uninstall it if you say it's okay to do so. I uninstalled Messenger Plus! Live.

    The first time I attempted the scan the computer hung again, so these are the results I finally got on the second try.

    Code:
    ComboFix 09-11-29.02 - Admin 12/01/2009  7:30.3.1 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.537 [GMT -5:00]
    Running from: c:\documents and settings\Admin\Desktop\456out.com.exe
    Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
    AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    .
    
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    
    -------\Legacy_KKOHNPJ
    -------\Legacy_ODOZEAUK
    -------\Service_kkohnpj
    -------\Service_odozeauk
    
    
    (((((((((((((((((((((((((   Files Created from 2009-11-01 to 2009-12-01  )))))))))))))))))))))))))))))))
    .
    
    2009-11-28 17:23 . 2009-11-28 17:23	--------	d-----w-	c:\documents and settings\David\Application Data\Malwarebytes
    2009-11-19 05:07 . 2009-11-19 05:07	--------	d-sh--w-	c:\documents and settings\Admin\PrivacIE
    2009-11-16 02:57 . 2009-11-16 03:02	--------	d-----w-	c:\program files\ChinaCrossFire
    2009-11-16 02:56 . 2009-11-16 02:56	--------	d-----w-	c:\program files\ÌÚѶÓÎÏ·
    2009-11-16 02:05 . 2009-11-16 02:05	--------	d-----w-	c:\documents and settings\All Users\Application Data\Tencent
    2009-11-16 02:03 . 2009-11-16 02:53	--------	d-----w-	C:\Download
    2009-11-15 20:55 . 2009-11-15 20:55	--------	d-----w-	c:\documents and settings\David\Local Settings\Application Data\Identities
    2009-11-15 17:00 . 2009-11-28 18:23	91640	----a-w-	c:\documents and settings\David\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-11 04:07 . 2009-11-12 06:04	79488	----a-w-	c:\documents and settings\Admin\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-09 02:20 . 2009-11-09 02:20	--------	d-----w-	C:\CFLog
    2009-11-09 02:19 . 2005-01-01 00:43	4682	----a-w-	c:\windows\system32\npptNT2.sys
    2009-11-09 02:19 . 2009-11-09 02:19	--------	d-----w-	c:\program files\Common Files\INCA Shared
    2009-11-09 02:15 . 2009-11-09 02:15	--------	d-----w-	c:\program files\Z8Games
    2009-11-04 08:00 . 2009-11-04 08:00	--------	d-----w-	c:\program files\MSXML 4.0
    2009-11-03 04:38 . 2009-11-03 04:38	--------	d-----w-	c:\documents and settings\LocalService\Application Data\Roxio
    2009-11-03 04:38 . 2009-11-03 04:38	--------	d-----w-	c:\documents and settings\Admin\Application Data\Roxio
    2009-11-03 03:52 . 2009-11-03 03:52	--------	d-----w-	c:\documents and settings\Admin\Application Data\InstallShield
    2009-11-03 03:52 . 2009-11-03 03:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\InstallShield
    2009-11-03 03:52 . 2009-11-03 03:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Sonic
    2009-11-03 03:48 . 2009-11-03 03:51	--------	d-----w-	c:\documents and settings\All Users\Application Data\Roxio
    2009-11-03 03:48 . 2009-11-03 03:48	--------	d-----w-	c:\program files\Common Files\Sonic Shared
    2009-11-03 03:48 . 2009-11-03 03:49	--------	d-----w-	c:\program files\Roxio
    2009-11-03 03:34 . 2009-11-03 03:34	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Research In Motion
    
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-01 12:53 . 2009-10-18 05:34	256	----a-w-	c:\windows\system32\pool.bin
    2009-12-01 12:47 . 2009-04-18 00:13	--------	d-----w-	c:\program files\DNA
    2009-12-01 12:47 . 2009-04-18 00:13	--------	d-----w-	c:\documents and settings\Admin\Application Data\DNA
    2009-11-29 12:42 . 2009-01-08 00:17	--------	d-----w-	c:\documents and settings\Admin\Application Data\uTorrent
    2009-11-28 07:52 . 2009-01-04 01:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
    2009-11-16 03:20 . 2009-01-06 00:07	91640	----a-w-	c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-16 02:05 . 2009-07-20 08:47	--------	d-----w-	c:\documents and settings\Admin\Application Data\Tencent
    2009-11-16 02:03 . 2009-07-20 08:48	--------	d-----w-	c:\program files\Tencent
    2009-11-15 14:04 . 2009-07-17 01:32	--------	d-----w-	c:\documents and settings\Admin\Application Data\FileZilla
    2009-11-15 14:04 . 2009-04-09 02:46	--------	d-----w-	c:\program files\FileZilla FTP Client
    2009-11-14 06:25 . 2009-09-24 06:24	--------	d-----w-	c:\documents and settings\Admin\Application Data\LimeWire
    2009-11-11 08:04 . 2009-01-10 03:25	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-11-03 03:49 . 2009-10-18 05:27	--------	d-----w-	c:\program files\Common Files\Roxio Shared
    2009-11-03 03:48 . 2009-01-03 20:23	--------	d-----w-	c:\program files\Common Files\InstallShield
    2009-10-20 13:01 . 2009-10-20 13:01	256	----a-w-	c:\documents and settings\Admin\pool.bin
    2009-10-19 17:00 . 2009-10-19 17:00	--------	d-----w-	c:\documents and settings\David\Application Data\Research In Motion
    2009-10-18 05:34 . 2009-10-18 05:34	--------	d-----w-	c:\documents and settings\Admin\Application Data\Research In Motion
    2009-10-18 05:29 . 2009-10-18 05:29	--------	d-----w-	c:\documents and settings\All Users\Application Data\Research In Motion
    2009-10-18 05:29 . 2009-04-01 04:10	--------	d-----w-	c:\program files\Research In Motion
    2009-10-18 05:27 . 2009-04-01 04:10	--------	d-----w-	c:\program files\Common Files\Research In Motion
    2009-10-08 11:27 . 2009-01-04 02:46	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
    2009-10-08 11:27 . 2009-01-04 02:46	--------	d-----w-	c:\program files\SpywareBlaster
    2009-10-05 13:26 . 2009-10-05 13:20	--------	d-----w-	c:\documents and settings\Admin\Application Data\ImgBurn
    2009-09-11 14:18 . 2003-03-31 12:00	136192	----a-w-	c:\windows\system32\msv1_0.dll
    2009-09-10 19:54 . 2009-01-04 01:29	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 19:53 . 2009-01-04 01:29	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
    2009-09-04 21:03 . 2003-03-31 12:00	58880	----a-w-	c:\windows\system32\msasn1.dll
    2006-05-03 10:06 . 2009-01-28 01:22	163328	--sh--r-	c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2009-01-28 01:22	31232	--sh--r-	c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2009-01-28 01:22	216064	--sh--r-	c:\windows\system32\nbDX.dll
    2009-03-21 14:06 . 2003-03-31 12:00	161750	--sha-r-	c:\windows\system32\nxhsekli.dll
    .
    
    (((((((((((((((((((((((((((((   SnapShot@2009-11-30_00.43.32   )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-01 12:42 . 2009-12-01 12:42	16384              c:\windows\temp\Perflib_Perfdata_788.dat
    + 2009-01-03 14:43 . 2009-11-30 12:15	323520              c:\windows\system32\FNTCACHE.DAT
    - 2009-01-03 14:43 . 2009-11-16 03:19	323520              c:\windows\system32\FNTCACHE.DAT
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 4341760]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-28 1851128]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-04-11 236016]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
    
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-7-1 1717592]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6477:TCP"= 6477:TCP:dfnrxnwl
    
    R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [1/3/2009 3:32 PM 84529]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [3/28/2009 8:20 AM 110992]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/28/2009 8:20 AM 24336]
    R3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [1/3/2009 3:48 PM 36960]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 XDva214;XDva214;\??\c:\windows\system32\XDva214.sys --> c:\windows\system32\XDva214.sys [?]
    S3 XDva244;XDva244;\??\c:\windows\system32\XDva244.sys --> c:\windows\system32\XDva244.sys [?]
    S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
    S3 XDva272;XDva272;\??\c:\windows\system32\XDva272.sys --> c:\windows\system32\XDva272.sys [?]
    S3 XDva276;XDva276;\??\c:\windows\system32\XDva276.sys --> c:\windows\system32\XDva276.sys [?]
    S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]
    S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]
    S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    DPF: {FD490921-0C40-4BC2-8E47-59C61C4BA0BE} - hxxp://xtrap.wiselogic.co.kr/XTrapSecure.cab
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\ei3y9wdu.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    
    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    
    **************************************************************************
    
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-01 07:47
    Windows 5.1.2600 Service Pack 3 NTFS
    
    detected NTDLL code modification:
    ZwClose, ZwOpenFile
    
    scanning hidden processes ...  
    
    scanning hidden autostart entries ... 
    
    scanning hidden files ...  
    
    scan completed successfully
    hidden files: 0
    
    **************************************************************************
    
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
    "AB141C35E9F4BF344B9FC010BB17F68A"=""
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    
    - - - - - - - > 'winlogon.exe'(996)
    c:\windows\system32\guard32.dll
    
    - - - - - - - > 'lsass.exe'(1056)
    c:\windows\system32\guard32.dll
    
    - - - - - - - > 'explorer.exe'(2128)
    c:\windows\system32\WININET.dll
    c:\windows\system32\guard32.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\COMODO\COMODO Internet Security\cfpupdat.exe
    .
    **************************************************************************
    .
    Completion time: 2009-12-01 07:55 - machine was rebooted
    ComboFix-quarantined-files.txt  2009-12-01 12:55
    ComboFix2.txt  2009-11-30 00:47
    
    Pre-Run: 64,237,850,624 bytes free
    Post-Run: 64,113,020,928 bytes free
    
    - - End Of File - - 55A788DE5F5BC1F3BE37AEADD58A0107

    The scan results from Malwarebytes:

    Code:
    Malwarebytes' Anti-Malware 1.41
    Database version: 3267
    Windows 5.1.2600 Service Pack 3
    
    12/1/2009 8:15:14 AM
    mbam-log-2009-12-01 (08-15-14).txt
    
    Scan type: Quick Scan
    Objects scanned: 128160
    Time elapsed: 13 minute(s), 32 second(s)
    
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 2
    
    Memory Processes Infected:
    (No malicious items detected)
    
    Memory Modules Infected:
    (No malicious items detected)
    
    Registry Keys Infected:
    (No malicious items detected)
    
    Registry Values Infected:
    (No malicious items detected)
    
    Registry Data Items Infected:
    (No malicious items detected)
    
    Folders Infected:
    E:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 (Trojan.Conficker.H) -> Quarantined and deleted successfully.
    
    Files Infected:
    E:\autorun.inf (Trojan.Conficker.H) -> Quarantined and deleted successfully.
    E:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Trojan.Conficker.H) -> Quarantined and deleted successfully.

  8. #8
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.949

    Re: random freezes, strange autorun

    E drive showing some fake Recycler malware activities there. Be sure whatever that E drive was remains installed, until we are sure all infection is removed. Looking much better now though.


    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6477:TCP"=-

    Open Notepad (Start - Run, type Notepad then press OK), and copy the text inside the box above and paste it into the open Notepad textbox.

    Save this to your desktop as "fixer7.reg"

    Be sure to include the "" quotes in the name.

    Then right click fixer7.reg, select Merge, and allow it to merge the new information with the Registry.

    ------------------

    Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

    Remove found threats
    Scan unwanted applications


    Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

    Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


    If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.
    Live the day!

    Jintan - the brand where everything is right!
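
The triage behind the CFScript.txt and fixer7.reg steps above can be expressed as a check over the log. This is an added example, not part of the original posts and not ComboFix's own logic: `parse_log`, `triage` and the heuristic itself (a `svchost.exe -k netsvcs` service whose ServiceDll carries system+hidden attributes, plus every GloballyOpenPorts entry) are assumptions, and the sample lines are excerpted from the log quoted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the ComboFix log quoted in this thread
# (whitespace normalised), limited to the sections the checks below read.
SAMPLE_LOG = r"""
2009-09-04 21:03 . 2003-03-31 12:00  58880   ----a-w-  c:\windows\system32\msasn1.dll
2006-05-03 10:06 . 2009-01-28 01:22  163328  --sh--r-  c:\windows\system32\flvDX.dll
2009-03-21 14:06 . 2003-03-31 12:00  161750  --sha-r-  c:\windows\system32\nxhsekli.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6477:TCP"= 6477:TCP:dfnrxnwl

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/28/2009 8:20 AM 24336]
S2 kkohnpj;Time Security;c:\windows\system32\svchost.exe -k netsvcs [3/31/2003 7:00 AM 14336]
S2 odozeauk;Windows Installer;c:\windows\system32\svchost.exe -k netsvcs [3/31/2003 7:00 AM 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kkohnpj]
"ServiceDll"="c:\windows\system32\nxhsekli.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\odozeauk]
"ServiceDll"="c:\windows\system32\nxhsekli.dll"
"""

# "<modified> . <created>  <size>  <attributes>  <path>" lines of the file listings
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+\S+\s+([-a-z]{8})\s+(.+)$")
# "S2 name;display name;image path [...]" lines of the driver/service listing
SERVICE_RE = re.compile(r"^[RS]\d (\S+?);[^;]*;(.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")            # registry key header
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')  # "name"=data under a key


def parse_log(text):
    """Collect file attributes, service images, ServiceDll values and open ports."""
    files, services, service_dlls, open_ports = {}, {}, {}, []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            files[m.group(2).lower()] = m.group(1)
        elif m := SERVICE_RE.match(line):
            services[m.group(1).lower()] = m.group(2)
        elif m := KEY_RE.match(line):
            current_key = m.group(1).lower()
        elif m := VALUE_RE.match(line):
            name, data = m.group(1), m.group(2).strip().strip('"')
            if name.lower() == "servicedll" and "\\services\\" in current_key:
                # The last key component is the service name.
                service_dlls[current_key.rsplit("\\", 1)[1]] = data.lower()
            elif current_key.endswith("globallyopenports\\list"):
                open_ports.append((name, data))
    return files, services, service_dlls, open_ports


def triage(text):
    """Return findings that deserve a manual look before anything is deleted."""
    files, services, service_dlls, open_ports = parse_log(text)

    # Group netsvcs-hosted services by the DLL they load.
    by_dll = defaultdict(list)
    for name, image in services.items():
        if "svchost.exe -k netsvcs" in image.lower() and name in service_dlls:
            by_dll[service_dlls[name]].append(name)

    findings = []
    for dll, names in sorted(by_dll.items()):
        attrs = files.get(dll, "")
        # Assumed heuristic: a service DLL marked both system (s) and hidden (h).
        if "s" in attrs and "h" in attrs:
            findings.append({"kind": "hidden-servicedll", "dll": dll,
                             "attrs": attrs, "services": sorted(names)})
    # Every globally open port is a hole in the firewall that needs an owner.
    for name, data in open_ports:
        findings.append({"kind": "globally-open-port", "port": name,
                         "label": data.split(":")[-1]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the sample it reports the two services and the port that the CFScript.txt and fixer7.reg entries address; the flvDX.dll line is also system+hidden but is not reported because no netsvcs service loads it.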

  9. #9
    Beginner
    Registered since
    03.01.2009
    Posts
    26

    Re: random freezes, strange autorun

    Well, this is a little embarrassing.

    Code:
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=b43057d8eb218044b63b3be17d004ccb
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=false
    # utc_time=2009-12-02 06:42:05
    # local_time=2009-12-02 01:42:05 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 28627099 28627099 0 0
    # compatibility_mode=3073 16777189 80 89 3377195 20561979 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=229745
    # found=3
    # cleaned=3
    # scan_time=6113
    G:\My Documents\Files to Organize\Desktop Junk\Private Server\Server_200\Server.exe	probably a variant of Win32/Genetik trojan (cleaned by deleting - quarantined)	77AFBC2BCA17F52A16F3C7162CD716FB	C
    G:\My Documents\LimeWire\Incomplete\Preview-T-5178636-? ????? the new unreleased single.au	a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)	C7A1163B2D9D7102AE8D939F2C94113C	C
    G:\My Documents\My Received Files\old 1\Nero 7.7.5.1 Ultra.exe	Win32/Toolbar.AskSBar application (deleted - quarantined)	6E797018C43CD22732A768B9FAFBB24F	C
    Since ComboFix did its scan, the computer has not experienced any freezing up anymore! Thanks! Even with this scan though, I'm somehow not convinced that the system is clean of any more Trojans though. You would know better though.

    Another note here is that I potentially have another USB Flash that might be infected. I've formatted it before this whole procedure and left it alone since though. It's one that I previously have used for my work at the office, which a few others may have used as well. My computer at work hasn't shown any similar issues though. What procedures should I take before plugging this one back into any computer? The back of my computer lacked enough USB ports to have this one also plugged in during the scans we have completed.

  10. #10
    Moderator (global) Team member
    Registered since
    25.11.2006
    Posts
    5.949

    Re: random freezes, strange autorun

    The Eset log really does suggest the wrong choices being made there. Hopefully they don't soon lead here.

    Tough choice on that other drive. The only way to clean it is to insert it into a computer, at which time infection on it may start the problems all over again. You can click here and download Flash_Disinfector.exe and save it to your desktop.

    Double-click on Flash_Disinfector.exe to run it and follow the prompts. Wait until it has finished scanning and then exit the program.

    That will sort of "safe" the computer from an autorun action, but you still chance the computer getting infected. We do have this thread available, so let me know if you would like to have a go at cleaning that other drive now.
    Live the day!

    Jintan - the brand where everything is right!
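
Added example, not part of the thread and not code from any tool named in it: a read-only check of a flash drive's autorun.inf that lists the directives which would launch a program and marks targets inside a RECYCLER folder, the pattern the first post describes. The function names and the sample file contents are constructed for illustration.

```python
import os
import re

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Constructed sample (not taken from the thread); junk lines are included
# because a parser for this file has to tolerate them.
SAMPLE = r"""
; constructed autorun.inf
[AutoRun]
jUnKtExT
open=RECYCLER\S-1-5-21-0000000000\sample.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\command = RECYCLER\S-1-5-21-0000000000\sample.exe
shell\open\default=1
"""

def audit_autorun(text):
    """List the launch directives found in the [autorun] section of text."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and junk lines are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        if not LAUNCH_KEYS.match(key):
            continue  # icon=, label= and similar keys launch nothing
        target = value.strip('"')
        folders = re.split(r"[\\/]", target.lower())
        findings.append({"key": key.lower(), "target": target,
                         "in_recycler": "recycler" in folders})
    return findings

def audit_drive(root):
    """Read <root>/autorun.inf as plain text (nothing is executed) and audit it."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, "r", errors="replace") as fh:
        return audit_autorun(fh.read())

if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE):
        print(finding)
```

An empty result from `audit_drive` only means no launch directive was found in that file; it says nothing about other files on the drive.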
