Here is the GMER log. It is too long so i will have to split it into parts.
GMER 1.0.15.15530 -
http://www.gmer.netRootkit scan 2010-11-15 13:33:39
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-7 ST3500418AS rev.HP22
Running: jqo0e83b.exe; Driver: C:\Users\Wuffie\AppData\Local\Temp\axryqpob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8F098BEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8F09A19C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8F098DD8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8F097F48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8F098852]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8F097E24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8F0985FE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8F099E2C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8F097810]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8F09983C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8F0981E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8F098A2E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8F098484]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8F0992D4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8F099588]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8F099B34]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8F09817A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8F098370]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8F097C26]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8F097A14]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8F098EE8]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 119 822BC87C 4 Bytes [EC, 8B, 09, 8F]
.text ntkrnlpa.exe!KeSetEvent + 13D 822BC8A0 8 Bytes [9C, A1, 09, 8F, D8, 8D, 09, ...]
.text ntkrnlpa.exe!KeSetEvent + 1C1 822BC924 4 Bytes [48, 7F, 09, 8F]
.text ntkrnlpa.exe!KeSetEvent + 1D9 822BC93C 4 Bytes [52, 88, 09, 8F]
.text ntkrnlpa.exe!KeSetEvent + 205 822BC968 4 Bytes [24, 7E, 09, 8F]
.text ...
---- User code sections - GMER 1.0.15 ----
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] KERNEL32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] shell32.dll!ShellExecuteW 767A9725 5 Bytes JMP 1002C9E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] shell32.dll!ShellExecuteExW 767FC155 5 Bytes JMP 1002C9A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] shell32.dll!ShellExecuteEx 769AA27A 5 Bytes JMP 1002C9C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] shell32.dll!ShellExecuteA 769AA315 5 Bytes JMP 1002CA00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ole32.dll!CoGetClassObject 7746FAE8 5 Bytes JMP 1002E600 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[164] ole32.dll!CoCreateInstanceEx 77489F81 5 Bytes JMP 1002E840 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[232] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] WS2_32.dll!WSASocketW 778E34EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wininit.exe[580] WS2_32.dll!WSASocketA 778E8FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\services.exe[624] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] WS2_32.dll!WSASocketW 778E34EB 7 Bytes JMP 1002C920 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[636] WS2_32.dll!WSASocketA 778E8FA9 5 Bytes JMP 1002C940 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[648] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtSetInformationProcess 777D5324 5 Bytes JMP 1002CD60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtUnloadDriver 777D5574 5 Bytes JMP 1002CD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!NtWriteVirtualMemory 777D5674 5 Bytes JMP 1002CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ntdll.dll!RtlAllocateHeap 777D6570 5 Bytes JMP 1002C4E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateProcessW 765E1BF3 5 Bytes JMP 10027790 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateProcessA 765E1C28 5 Bytes JMP 10028320 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!VirtualProtect 765E1DC3 5 Bytes JMP 1002CA20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!OpenFile 765E355A 5 Bytes JMP 1002CCA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileW 765EA2F2 5 Bytes JMP 1002CBA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CopyFileExW 765F0211 7 Bytes JMP 1002CBE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CopyFileW 765F0299 5 Bytes JMP 1002CC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!DeleteFileW 765FF4B6 5 Bytes JMP 1002CAE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!DeleteFileA 765FF5D2 5 Bytes JMP 1002CB00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileWithProgressW 766010A4 5 Bytes JMP 1002CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileExW 766010C8 5 Bytes JMP 1002CB60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryExW 76609109 7 Bytes JMP 1002CCC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryW 76609362 5 Bytes JMP 1002CA60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryExA 766094B4 5 Bytes JMP 1002CCE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadLibraryA 766094DC 5 Bytes JMP 1002CA80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetProcAddress 7662903B 5 Bytes JMP 1002CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetModuleHandleA 766292A5 5 Bytes JMP 1002CAC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetModuleHandleW 7662A804 5 Bytes JMP 1002CAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateFileW 7662AECB 5 Bytes JMP 1002CC60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CreateFileA 7662CE5F 5 Bytes JMP 1002CC80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileExA 76630F0A 5 Bytes JMP 1002CB80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileWithProgressA 76630F2A 5 Bytes JMP 1002CB40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CopyFileA 76632433 5 Bytes JMP 1002CC40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!MoveFileA 7666F641 5 Bytes JMP 1002CBC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!CopyFileExA 766719F9 5 Bytes JMP 1002CC00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!WinExec 76675CF7 5 Bytes JMP 1002CA40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!LoadModule 76675E4F 5 Bytes JMP 1002CD00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateProcessAsUserA 7646CEB9 5 Bytes JMP 10026BF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateProcessAsUserW 76481EE9 5 Bytes JMP 100262C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!OpenServiceA 76482EBD 7 Bytes JMP 1002D590 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!OpenServiceW 76488354 7 Bytes JMP 1002D830 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceW 764A9EB4 7 Bytes JMP 1002DAA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] ADVAPI32.dll!CreateServiceA 764E72A1 7 Bytes JMP 1002DD80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[848] USER32.dll!EndTask 75E4AD32 5 Bytes JMP 1002E3C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!LdrLoadDll 77799390 5 Bytes JMP 1002A630 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!LdrUnloadDll 777ABA50 7 Bytes JMP 1001CE40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!LdrGetProcedureAddress 777B5A88 5 Bytes JMP 1002CD40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtAllocateVirtualMemory 777D4134 5 Bytes JMP 1002CE00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtClose 777D4314 5 Bytes JMP 1001CD20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtCreateFile 777D43D4 5 Bytes JMP 1002CDC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtCreateProcess 777D4494 5 Bytes JMP 1002CE80 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtCreateProcessEx 777D44A4 5 Bytes JMP 1002CE60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtDeleteFile 777D47B4 5 Bytes JMP 1002CE20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtFreeVirtualMemory 777D4944 5 Bytes JMP 1002C490 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtLoadDriver 777D4A64 5 Bytes JMP 1002CDE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtOpenFile 777D4BB4 5 Bytes JMP 1002CDA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtProtectVirtualMemory 777D4D34 5 Bytes JMP 1002C440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\nvvsvc.exe[892] ntdll.dll!NtSetInformationProcess