
Mozilla acting up, infection confirmed with Hijackthis

Discussion in 'Virus & Other Malware Removal' started by alexnyc, Jan 25, 2013.

Thread Status:
Not open for further replies.
  1. alexnyc

    alexnyc (Thread Starter)
    Joined: Jan 25, 2013
    Messages: 21

    Hello and thank you in advance for your help.
    These are the symptoms:
    A- Facebook/Internet open tabs: It went mad like clicking 20-40 times very fast, as if someone or something was accessing the emails on my inbox.
    B- Right click on mouse would not work (after restart now works).
    C- PC freezing (now it is working but it could be temporary sense of happiness).
    D- AVG PC Analyzer found and I am unable to delete: 106 registry errors, 190 junk files, 11 broken shortcuts.
    E- HijackThis shows plenty of files that I should be deleting, but I tried and it did not work (after reading your tutorial I understand that this is something that you do not approve of doing).

    QUICK NOTE: Because of your limit of 300000 characters I will cut the post and follow it with the rest of the data. Thank you


    1) Hijackthis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:47:57 PM, on 1/25/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Neo\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [STCAgent] "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe"
    O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
    O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

    --
    End of file - 8723 bytes


    ======================================================

    2) DDS

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.1
    Run by Neo at 15:01:04 on 2013-01-25
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2814.1321 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ================
    .
    C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
    C:\Program Files\AVG\AVG2013\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2013\avgidsagent.exe
    C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
    C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
    C:\Program Files\AVG\AVG2013\avgnsx.exe
    C:\Program Files\AVG\AVG2013\avgemcx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Users\Neo\Downloads\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - c:\program files\splashtop\splashtop connect ie\STC.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - c:\program files\common files\doubletwist\IEPodcastPlugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.2.14\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.2.14\AVG Secure Search_toolbar.dll
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [STCAgent] "c:\program files\splashtop\splashtop connect ie\STCAgent.exe"
    mRun: [ZyngaGamesAgent] "c:\program files\splashtop\splashtop connect\ZyngaGamesAgent.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    StartupFolder: c:\users\neo\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: NameServer = 207.69.188.185 207.69.188.186 207.69.188.187
    TCP: Interfaces\{09BA87FC-4812-4AB7-9F70-7F2673D689EC} : DHCPNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.0.1\ViProtocol.dll
    AppInit_DLLs= c:\windows\system32\guard32.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\neo\appdata\roaming\mozilla\firefox\profiles\4r90zrfk.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - mail.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5b58ad66-7407-49f5-a418-f5ca3486495d%7D&mid=3b2ef390e0bc47d0a324416272c2b050-d6891ef0191e67d6b38170ddd4be6d085fcee90e&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-04%2020%3A33%3A43&sap=ku&q=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.0.1\npsitesafety.dll
    FF - plugin: c:\program files\common files\doubletwist\NPPodcast.dll
    FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-8-9 178656]
    R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-8-10 35168]
    R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2012-6-4 19056]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-8-10 19808]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-9-12 151648]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-12 164704]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 31576]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 494416]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 36072]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-6 172032]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
    R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-7-27 6656]
    R2 SCBackService;Splashtop Connect Service;c:\program files\splashtop\splashtop connect\BackService.exe [2010-11-15 477000]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
    R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files\common files\avg secure search\vtoolbarupdater\14.0.1\ToolbarUpdater.exe [2013-1-23 945328]
    R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files\splashtop\splashtop connect firefox software updater\WCUService.exe [2011-3-23 493384]
    R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files\splashtop\splashtop connect ie software updater\WCUService.exe [2011-3-22 497480]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2012-6-4 88176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-10-19 160944]
    S3 AODDriver;AODDriver;c:\program files\gigabyte\et6\i386\AODDriver.sys [2010-3-12 36864]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2012-6-4 24944]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-6-6 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-6 1343400]
    .
    =============== Created Last 30 ================
    .
    2013-01-25 04:28:54 -------- d-----w- c:\windows\system32\appmgmt
    2013-01-15 18:29:12 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-01-09 22:25:11 -------- d-----w- c:\users\neo\appdata\local\Logitech® Webcam Software
    2013-01-09 12:31:25 2345984 ----a-w- c:\windows\system32\win32k.sys
    2013-01-09 12:31:24 492032 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 12:31:20 1389568 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-09 12:31:14 49152 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-09 12:31:14 220160 ----a-w- c:\windows\system32\ncrypt.dll
    .
    ==================== Find3M ====================
    .
    2013-01-24 03:12:33 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-01-09 12:41:12 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-09 12:41:12 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-07 23:37:55 36072 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-11-07 23:37:54 494416 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-11-07 23:37:52 19632 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-11-07 23:37:35 34024 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-11-07 23:37:34 301264 ----a-w- c:\windows\system32\guard32.dll
    2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
    .
    ============= FINISH: 15:03:49.19 ===============


    3) Attach

    .
    ==== Installed Programs ======================
    .
    @BIOS
    32 Bit HP CIO Components Installer
    7-Zip 9.22beta
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.5)
    Adobe Shockwave Player 11.6
    Advanced Uninstaller PRO - Version 11
    AMD Drag and Drop Transcoding
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    AutoGreen B10.1021.1
    AVG 2013
    AVG Security Toolbar
    Bonjour
    CameraHelperMsi
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    ccc-core-static
    ccc-utility
    CCC Help English
    CDBurnerXP
    CDDRV_Installer
    Comodo Dragon
    COMODO Internet Security
    DJ_SF_06_D1600_SW_Min
    doubleTwist
    Easy Tune 6 B11.1124.1
    erLT
    ffdshow [rev 2527] [2008-12-19]
    HP Deskjet D1600 Printer Driver 14.0 Rel. 6
    iTunes
    Java 7 Update 11
    Java Auto Updater
    Java(TM) 6 Update 22
    JavaFX 2.1.1
    KhalInstallWrapper
    Logitech SetPoint
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Microsoft .NET Framework 4 Client Profile
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    ON_OFF Charge B11.1102.1
    OpenOffice.org 3.3
    Opera 12.12
    PeaZip 4.6.1
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Skype™ 6.0
    Splashtop Connect for Firefox
    Splashtop Connect IE
    swMSM
    The Lord of the Rings FREE Trial
    Toolbox
    TSR Watermark Image software version 2.2.0.7
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VLC media player 2.0.5
    Vuze
    .
    ==== End Of File ===========================


    4) ARK

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-25 15:13:24
    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-9YN162 rev.CC4D 931.51GB
    Running: 49896it7.exe; Driver: C:\Users\Neo\AppData\Local\Temp\uwldqpow.sys


    ---- System - GMER 2.0 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x90218FB0]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x9021919C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x90218310]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x90218C16]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x902189CA]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x90219D14]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x90217CFC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x902193CA]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x90219746]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x902185D8]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0x90985118]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0x909851E8]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x90218DF2]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x90984D4A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x90218872]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x90219A32]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x90218542]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0x90984F38]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0x90984FCE]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x9021875E]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x90984E00]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x90984E9C]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9098506A]

    ---- Kernel code sections - GMER 2.0 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C4CA49 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C864D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 82C8D50C 4 Bytes [B0, 8F, 21, 90]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82C8D534 4 Bytes [9C, 91, 21, 90]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 82C8D5C8 4 Bytes [10, 83, 21, 90]
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11AF 82C8D5E4 4 Bytes [16, 8C, 21, 90] {PUSH SS; MOV [ECX], FS; NOP }
    .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C8D62C 4 Bytes [CA, 89, 21, 90] {RETF 0x2189; NOP }
    .text ...
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91C36000, 0x2F786C, 0xE8000020]
    ? C:\Users\Neo\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe[284] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] kernel32.dll!CreateThread 7689DCC2 5 Bytes JMP 6A9175DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!EnableWindow 76A08D02 5 Bytes JMP 6A959EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!GetAsyncKeyState 76A0A256 5 Bytes JMP 6A8FDED5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!CallNextHookEx 76A0ABE1 5 Bytes JMP 6A977FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!UnhookWindowsHookEx 76A0ADF9 5 Bytes JMP 6A99ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DefWindowProcA 76A0BB1C 7 Bytes JMP 6A919805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!CreateWindowExA 76A0BF40 5 Bytes JMP 6A92363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!SetWindowsHookExW 76A0E30C 5 Bytes JMP 6A9525AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!CreateWindowExW 76A0EC7C 5 Bytes JMP 6A9803CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!GetKeyState 76A12B4D 5 Bytes JMP 6A8FDDAB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!IsDialogMessageW 76A14104 5 Bytes JMP 6AAA9A7A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DefWindowProcW 76A1507D 7 Bytes JMP 6A978042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!CreateDialogParamA 76A21F42 5 Bytes JMP 6AAA92E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!IsDialogMessage 76A22019 5 Bytes JMP 6AAA9A52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxParamW 76A23B9B 5 Bytes JMP 6A8B1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!CreateDialogIndirectParamA 76A2721D 5 Bytes JMP 6AAA9358 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!CreateDialogIndirectParamW 76A2EA10 5 Bytes JMP 6AAA9390 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxIndirectParamW 76A33B7F 5 Bytes JMP 6AAA8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!EndDialog 76A33BA3 5 Bytes JMP 6AAA9D26 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!CreateDialogParamW 76A35630 5 Bytes JMP 6AAA9320 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!SetKeyboardState 76A3695A 5 Bytes JMP 6AAAA341 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!SendInput 76A37019 5 Bytes JMP 6AAAA2E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!SetCursorPos 76A4C1B0 5 Bytes JMP 6AAAA3C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxParamA 76A4CF42 5 Bytes JMP 6AAA8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!DialogBoxIndirectParamA 76A4D274 5 Bytes JMP 6AAA901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxIndirectA 76A5E869 5 Bytes JMP 6AAA8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxIndirectW 76A5E963 5 Bytes JMP 6AAA8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxExA 76A5E9C9 5 Bytes JMP 6AAA8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!MessageBoxExW 76A5E9ED 5 Bytes JMP 6AAA8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] USER32.dll!keybd_event 76A5EC3B 5 Bytes JMP 6AAAA2A6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] SHELL32.dll!RealDriveType + 173D 7562FE30 4 Bytes [CF, 01, 10, 59] {IRET ; ADD [EAX], EDX; POP ECX}
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] SHELL32.dll!RealDriveType + 1745 7562FE38 8 Bytes [E0, 61, 0F, 59, 79, F7, 0F, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[356] ole32.dll!OleLoadFromStream 76B56143 5 Bytes JMP 6AAA9784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Windows\system32\conhost.exe[524] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[524] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[524] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[524] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[524] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[524] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[524] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[524] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[524] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[524] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[524] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[524] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\spoolsv.exe[640] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[700] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] RPCRT4.dll!RpcServerRegisterIfEx 770009BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[880] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\conhost.exe[892] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\csrss.exe[912] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 752C1BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\csrss.exe[912] ntdll.dll!NtReplyWaitReceivePort 77B46418 5 Bytes JMP 752C1450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\csrss.exe[912] ntdll.dll!NtReplyWaitReceivePortEx 77B46428 5 Bytes JMP 752C17F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\49896it7.exe[916] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!RegisterRawInputDevices 76A05B52 5 Bytes JMP 10018F00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SystemParametersInfoA 76A080E0 7 Bytes JMP 1001C690 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SetParent 76A08314 5 Bytes JMP 10018980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!EnableWindow 76A08D02 5 Bytes JMP 10017EA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!MoveWindow 76A08D29 5 Bytes JMP 10018C20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!GetAsyncKeyState 76A0A256 5 Bytes JMP 10019120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!RegisterHotKey 76A0AA19 5 Bytes JMP 10018140 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!PostThreadMessageA 76A0AD09 5 Bytes JMP 1001B980 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SendMessageA 76A0AD60 5 Bytes JMP 1001B440 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!PostMessageA 76A0B446 5 Bytes JMP 1001BEC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SendNotifyMessageW 76A0C88A 5 Bytes JMP 1001A160 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SystemParametersInfoW 76A0E09A 7 Bytes JMP 1001C470 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SetWindowsHookExW 76A0E30C 5 Bytes JMP 1001C8B0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SendMessageTimeoutW 76A0E459 5 Bytes JMP 1001AC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!PostThreadMessageW 76A0EEFC 5 Bytes JMP 1001B6E0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SetWinEventHook 76A124DC 5 Bytes JMP 1001C160 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!GetKeyState 76A12B4D 5 Bytes JMP 100193D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SendMessageCallbackW 76A12F7B 5 Bytes JMP 1001A6A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!PostMessageW 76A1447B 5 Bytes JMP 1001BC20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SendMessageW 76A15539 5 Bytes JMP 1001B1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!GetClipboardData 76A22BA7 5 Bytes JMP 10018370 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SendNotifyMessageA 76A2493C 5 Bytes JMP 1001A400 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!mouse_event 76A26209 5 Bytes JMP 100297C0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SetClipboardViewer 76A26FF6 5 Bytes JMP 10018780 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SendDlgItemMessageW 76A270D8 5 Bytes JMP 10019C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SendDlgItemMessageA 76A27241 5 Bytes JMP 10019EB0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!GetKeyboardState 76A36946 5 Bytes JMP 10019680 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!BlockInput 76A36A99 5 Bytes JMP 10018580 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SetWindowsHookExA 76A36D0C 5 Bytes JMP 1001CB20 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SendMessageTimeoutA 76A36DA9 5 Bytes JMP 1001AEE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SendInput 76A37019 5 Bytes JMP 10019930 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!ExitWindowsEx 76A506C7 5 Bytes JMP 10017C90 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!keybd_event 76A5EC3B 5 Bytes JMP 100299D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] USER32.dll!SendMessageCallbackA 76A63E8B 5 Bytes JMP 1001A960 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] GDI32.dll!BitBlt 76F972C0 5 Bytes JMP 10029530 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] GDI32.dll!MaskBlt 76F9C7AD 5 Bytes JMP 10029280 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] GDI32.dll!StretchBlt 76F9F467 5 Bytes JMP 10028D50 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] GDI32.dll!PlgBlt 76FB0F73 5 Bytes JMP 10028FF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wininit.exe[976] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\csrss.exe[988] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 752C1BA0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\csrss.exe[988] ntdll.dll!NtReplyWaitReceivePort 77B46418 5 Bytes JMP 752C1450 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\csrss.exe[988] ntdll.dll!NtReplyWaitReceivePortEx 77B46428 5 Bytes JMP 752C17F0 C:\Windows\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] services.exe 00871608 4 Bytes [20, E2, 01, 10] {AND DL, AH; ADD [EAX], EDX}
    .text C:\Windows\system32\services.exe[1028] services.exe 00871618 4 Bytes [00, DD, 01, 10] {ADD CH, BL; ADD [EAX], EDX}
    .text C:\Windows\system32\services.exe[1028] services.exe 00871638 4 Bytes [40, E5, 01, 10]
    .text C:\Windows\system32\services.exe[1028] services.exe 00871648 4 Bytes [80, DF, 01, 10]
    .text C:\Windows\system32\services.exe[1028] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] RPCRT4.dll!RpcServerRegisterIfEx 770009BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\services.exe[1028] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsass.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\lsm.exe[1052] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] RPCRT4.dll!RpcServerRegisterIfEx 770009BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1216] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] RPCRT4.dll!RpcServerRegisterIfEx 770009BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1300] rpcss.dll!CoGetComCatalog 747035EC 8 Bytes JMP EDF01001
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1364] ntdll.dll!NtAllocateVirtualMemory 77B452D8 5 Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1364] ntdll.dll!NtCreateFile 77B455C8 5 Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] kernel32.dll!CreateThread 7689DCC2 5 Bytes JMP 6A9175DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!EnableWindow 76A08D02 5 Bytes JMP 6A959EB4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!GetAsyncKeyState 76A0A256 5 Bytes JMP 6A8FDED5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!CallNextHookEx 76A0ABE1 5 Bytes JMP 6A977FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!UnhookWindowsHookEx 76A0ADF9 5 Bytes JMP 6A99ED00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!DefWindowProcA 76A0BB1C 7 Bytes JMP 6A919805 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!CreateWindowExA 76A0BF40 5 Bytes JMP 6A92363B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!SetWindowsHookExW 76A0E30C 5 Bytes JMP 6A9525AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!CreateWindowExW 76A0EC7C 5 Bytes JMP 6A9803CF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!GetKeyState 76A12B4D 5 Bytes JMP 6A8FDDAB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!IsDialogMessageW 76A14104 5 Bytes JMP 6AAA9A7A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!DefWindowProcW 76A1507D 7 Bytes JMP 6A978042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!CreateDialogParamA 76A21F42 5 Bytes JMP 6AAA92E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!IsDialogMessage 76A22019 5 Bytes JMP 6AAA9A52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!DialogBoxParamW 76A23B9B 5 Bytes JMP 6A8B1893 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!CreateDialogIndirectParamA 76A2721D 5 Bytes JMP 6AAA9358 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!CreateDialogIndirectParamW 76A2EA10 5 Bytes JMP 6AAA9390 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!DialogBoxIndirectParamW 76A33B7F 5 Bytes JMP 6AAA8FB6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!EndDialog 76A33BA3 5 Bytes JMP 6AAA9D26 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!CreateDialogParamW 76A35630 5 Bytes JMP 6AAA9320 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!SetKeyboardState 76A3695A 5 Bytes JMP 6AAAA341 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!SendInput 76A37019 5 Bytes JMP 6AAAA2E9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!SetCursorPos 76A4C1B0 5 Bytes JMP 6AAAA3C2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!DialogBoxParamA 76A4CF42 5 Bytes JMP 6AAA8F51 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!DialogBoxIndirectParamA 76A4D274 5 Bytes JMP 6AAA901B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!MessageBoxIndirectA 76A5E869 5 Bytes JMP 6AAA8ED8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!MessageBoxIndirectW 76A5E963 5 Bytes JMP 6AAA8E5F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!MessageBoxExA 76A5E9C9 5 Bytes JMP 6AAA8DFB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!MessageBoxExW 76A5E9ED 5 Bytes JMP 6AAA8D97 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] USER32.dll!keybd_event 76A5EC3B 5 Bytes JMP 6AAAA2A6 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] SHELL32.dll!RealDriveType + 173D 7562FE30 4 Bytes [CF, 01, 10, 59] {IRET ; ADD [EAX], EDX; POP ECX}
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] SHELL32.dll!RealDriveType + 1745 7562FE38 8 Bytes [E0, 61, 0F, 59, 79, F7, 0F, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[1408] ole32.dll!OleLoadFromStream 76B56143 5 Bytes JMP 6AAA9784 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgcfgex.exe[1424] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1428] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atiesrxx.exe[1468] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1508] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[1540] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] RPCRT4.dll!RpcServerRegisterIfEx 770009BC 5 Bytes JMP 1001F870 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1576] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1584] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1608] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunesHelper.exe[1660] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[1688] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[1756] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1844] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\atieclxx.exe[1876] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\AUDIODG.EXE[1992] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgwdsvc.exe[2064] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2096] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2124] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\System32\svchost.exe[2192] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\BackService.exe[2212] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\BackService.exe[2212] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\BackService.exe[2212] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\BackService.exe[2212] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\BackService.exe[2212] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\BackService.exe[2212] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect\BackService.exe[2212] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3836] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3836] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3836] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3836] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3836] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3836] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3836] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3836] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\wbem\wmiprvse.exe[3836] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Skype\Phone\Skype.exe[3880] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3896] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\sppsvc.exe[3916] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3968] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\AVG\AVG2013\avgui.exe[4016] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Dwm.exe[4052] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\Explorer.EXE[4076] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] KERNEL32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] KERNEL32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] KERNEL32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4108] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[4280] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[4284] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 027BB670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 027AD120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 027AD240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 027B7F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 027B5070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 027B5C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 027B3BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 027B8D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 027B8AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 027B9E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 027B9D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4312] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 027B44D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[4520] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iPod\bin\iPodService.exe[4788] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\svchost.exe[4948] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[5112] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\SearchIndexer.exe[5252] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Users\Neo\Downloads\HijackThis.exe[5388] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 60D2C5B0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 7689941E 7 Bytes JMP 610761A4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] kernel32.dll!QueryPerformanceCounter + 13 7689C435 7 Bytes JMP 610761C7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] kernel32.dll!LoadAppInitDlls + 355 7689F4F6 7 Bytes JMP 60D4544E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] GDI32.dll!GetViewportOrgEx + 26C 76F9884B 7 Bytes JMP 61076125 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5588] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5756] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\iTunes\iTunes.exe[5880] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe[5884] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] USER32.dll!RegisterMessagePumpHook + 2F1 76A08B9E 7 Bytes JMP 612956D7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] USER32.dll!IsDialogMessageW + 340 76A14444 7 Bytes JMP 61295666 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)



    (CONTINUES PART 2/2)
     
  2. alexnyc

    alexnyc Thread Starter

    PART 2/2 of previous posting


    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] USER32.dll!GetWindowInfo 76A14B5E 5 Bytes JMP 60EEB5C8 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] USER32.dll!ToUnicodeEx + 71 76A22223 7 Bytes JMP 60EEBB81 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5908] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5948] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtCreateFile + 6 77B455CE 4 Bytes [28, 00, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtCreateFile + B 77B455D3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtCreateKey + 6 77B4560E 4 Bytes [68, 01, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtCreateKey + B 77B45613 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtCreateMutant + 6 77B4564E 4 Bytes [68, 02, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtCreateMutant + B 77B45653 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtCreateSection + 6 77B456EE 4 Bytes [A8, 02, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtCreateSection + B 77B456F3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtMapViewOfSection + B 77B45C33 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenFile + 6 77B45CDE 4 Bytes [68, 00, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenFile + B 77B45CE3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenKey + 6 77B45D0E 4 Bytes [A8, 01, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenKey + B 77B45D13 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenKeyEx + B 77B45D23 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenMutant + 6 77B45D5E 4 Bytes [28, 02, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenMutant + B 77B45D63 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenProcess + 6 77B45D8E 1 Byte [68]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenProcess + 6 77B45D8E 4 Bytes [68, 03, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenProcess + B 77B45D93 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenProcessToken + 6 77B45D9E 1 Byte [A8]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenProcessToken + 6 77B45D9E 4 Bytes [A8, 03, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenProcessToken + B 77B45DA3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenProcessTokenEx + 6 77B45DAE 4 Bytes [68, 04, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenProcessTokenEx + B 77B45DB3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenSection + B 77B45DD3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenThread + 6 77B45E0E 1 Byte [28]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenThread + 6 77B45E0E 4 Bytes [28, 03, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenThread + B 77B45E13 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenThreadToken + 6 77B45E1E 4 Bytes [28, 04, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenThreadToken + B 77B45E23 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenThreadTokenEx + 6 77B45E2E 4 Bytes [A8, 04, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtOpenThreadTokenEx + B 77B45E33 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtQueryAttributesFile + 6 77B45F3E 4 Bytes [A8, 00, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtQueryAttributesFile + B 77B45F43 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtQueryFullAttributesFile + B 77B45FF3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtSetInformationFile + 6 77B4663E 4 Bytes [28, 01, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtSetInformationFile + B 77B46643 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtSetInformationThread + 6 77B4669E 1 Byte [E8]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtSetInformationThread + B 77B466A3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtUnmapViewOfSection + 6 77B469BE 4 Bytes [28, 05, 07, 00]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!NtUnmapViewOfSection + B 77B469C3 1 Byte [E2]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!DeleteObject 76F95F14 5 Bytes JMP 000A01B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SelectObject 76F96640 5 Bytes JMP 000A05F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SetTextColor 76F96906 5 Bytes JMP 000A0A30
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SetBkMode 76F969B1 5 Bytes JMP 000A08F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetDeviceCaps 76F96F7F 5 Bytes JMP 000A03B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!ExtSelectClipRgn 76F97114 5 Bytes JMP 000A02F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SelectClipRgn 76F97242 5 Bytes JMP 000A05B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SetStretchBltMode 76F97705 5 Bytes JMP 000A06B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetCurrentObject 76F97917 5 Bytes JMP 000A0370
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetTextMetricsW 76F97B8F 5 Bytes JMP 000A0E30
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetTextAlign 76F97DAF 5 Bytes JMP 000A0D70
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!IntersectClipRect 76F97DFE 5 Bytes JMP 000A03F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!ExtTextOutW 76F98192 5 Bytes JMP 000A0970
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SetTextAlign 76F9828E 5 Bytes JMP 000A09F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetClipBox 76F98525 5 Bytes JMP 000A0330
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!MoveToEx 76F98C21 5 Bytes JMP 000A0470
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!StretchDIBits 76F9A53E 5 Bytes JMP 000A0770
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!RestoreDC 76F9A67B 5 Bytes JMP 000A0530
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SaveDC 76F9A74B 5 Bytes JMP 000A0570
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetTextExtentPoint32W 76F9B4B5 5 Bytes JMP 000A0670
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetTextFaceW 76F9B73A 2 Bytes JMP 000A0D30
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetTextFaceW + 3 76F9B73D 2 Bytes [10, 89]
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetFontData 76F9BCC4 5 Bytes JMP 000A0C70
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SetWorldTransform 76F9C90A 5 Bytes JMP 000A06F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!CreateICW 76F9CFD0 5 Bytes JMP 000A0130
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetTextMetricsA 76F9D0F2 5 Bytes JMP 000A0DF0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!Rectangle 76F9F1FF 5 Bytes JMP 000A09B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!LineTo 76F9F59B 5 Bytes JMP 000A0430
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SetICMMode 76F9FAA4 5 Bytes JMP 000A0DB0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!ExtTextOutA 76FA03F9 5 Bytes JMP 000A0930
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetTextExtentPoint32A 76FA07B0 5 Bytes JMP 000A0630
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!ExtEscape 76FA2949 5 Bytes JMP 000A02B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!Escape 76FA3939 5 Bytes JMP 000A0270
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetTextFaceA 76FA3E6A 5 Bytes JMP 000A0CF0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SetPolyFillMode 76FAD851 5 Bytes JMP 000A0B30
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SetMiterLimit 76FADA0D 5 Bytes JMP 000A0B70
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!EndPage 76FB00D7 5 Bytes JMP 000A0230
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!ResetDCW 76FB050D 5 Bytes JMP 000A0AB0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!GetGlyphOutlineW 76FBC1BA 5 Bytes JMP 000A0CB0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!CreateScalableFontResourceW 76FBE817 5 Bytes JMP 000A0BB0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!AddFontResourceW 76FBEC13 5 Bytes JMP 000A0BF0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!RemoveFontResourceW 76FBF109 5 Bytes JMP 000A0C30
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!AbortDoc 76FC4C63 5 Bytes JMP 000A0030
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!EndDoc 76FC50AA 5 Bytes JMP 000A01F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!StartPage 76FC5195 5 Bytes JMP 000A0730
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!StartDocW 76FC5BB0 5 Bytes JMP 000A07F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!BeginPath 76FC635D 5 Bytes JMP 000A0830
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!SelectClipPath 76FC63B4 5 Bytes JMP 000A0AF0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!CloseFigure 76FC640F 5 Bytes JMP 000A0070
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!EndPath 76FC6466 5 Bytes JMP 000A0A70
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!StrokePath 76FC6699 5 Bytes JMP 000A07B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!FillPath 76FC6726 5 Bytes JMP 000A0870
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!PolylineTo 76FC6B94 5 Bytes JMP 000A04F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!PolyBezierTo 76FC6C25 5 Bytes JMP 000A04B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] GDI32.dll!PolyDraw 76FC6CD7 5 Bytes JMP 000A08B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!ActivateKeyboardLayout 76A08203 5 Bytes JMP 000B04F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!ScreenToClient 76A0A506 7 Bytes JMP 000B0670
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!RegisterClipboardFormatA 76A0C091 5 Bytes JMP 000B02F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!RegisterClipboardFormatW 76A0DF8D 5 Bytes JMP 000B02B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!SetCursor 76A13075 5 Bytes JMP 000B0530
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!MonitorFromWindow 76A13622 7 Bytes JMP 000B0630
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!PostMessageW 76A1447B 5 Bytes JMP 000B05F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!IsWindowVisible 76A14D69 7 Bytes JMP 000B06B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!GetClientRect 76A154DD 7 Bytes JMP 000B05B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!MapWindowPoints 76A15CAA 5 Bytes JMP 000B0570
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!GetParent 76A16029 7 Bytes JMP 000B06F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!EmptyClipboard 76A2290C 5 Bytes JMP 000B0130
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!SetClipboardData 76A22962 5 Bytes JMP 000B0170
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!GetClipboardData 76A22BA7 5 Bytes JMP 000B0030
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!GetClipboardFormatNameW 76A25FD2 5 Bytes JMP 000B0230
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!SetClipboardViewer 76A26FF6 5 Bytes JMP 000B04B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!GetClipboardFormatNameA 76A2700A 5 Bytes JMP 000B0270
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!ChangeClipboardChain 76A3147C 5 Bytes JMP 000B0430
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!GetTopWindow 76A324D9 7 Bytes JMP 000B0730
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!CloseClipboard 76A3446C 5 Bytes JMP 000B00B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!OpenClipboard 76A3447E 5 Bytes JMP 000B0070
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!IsClipboardFormatAvailable 76A344FF 5 Bytes JMP 000B00F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!GetClipboardSequenceNumber 76A34513 5 Bytes JMP 000B0330
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!GetClipboardOwner 76A34525 5 Bytes JMP 000B0370
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!CountClipboardFormats 76A3470A 5 Bytes JMP 000B01F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!EnumClipboardFormats 76A347EC 5 Bytes JMP 000B01B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!GetOpenClipboardWindow 76A3480B 5 Bytes JMP 000B03F0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!SetCursorPos 76A4C1B0 5 Bytes JMP 000B0770
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!GetClipboardViewer 76A64AF7 5 Bytes JMP 000B0470
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] USER32.dll!GetPriorityClipboardFormat 76A64BF9 5 Bytes JMP 000B03B0
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ole32.dll!OleSetClipboard 76BB0045 5 Bytes JMP 000C0030
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ole32.dll!OleIsCurrentClipboard 76BB36B2 5 Bytes JMP 000C0070
    .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] ole32.dll!OleGetClipboard 76BDFDCD 5 Bytes JMP 000C00B0
    .text C:\Windows\system32\NOTEPAD.EXE[6048] ntdll.dll!NtAlpcSendWaitReceivePort 77B45418 5 Bytes JMP 1002B670 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[6048] ntdll.dll!NtClose 77B454C8 5 Bytes JMP 1001D120 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[6048] ntdll.dll!LdrUnloadDll 77B5C86E 7 Bytes JMP 1001D240 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[6048] ntdll.dll!LdrLoadDll 77B6223E 5 Bytes JMP 10027F40 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[6048] kernel32.dll!CreateProcessW 7685204D 5 Bytes JMP 10025070 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[6048] kernel32.dll!CreateProcessA 76852082 5 Bytes JMP 10025C00 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[6048] kernel32.dll!CreateProcessAsUserW 768859FF 5 Bytes JMP 10023BA0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[6048] ADVAPI32.dll!CreateProcessAsUserA 76222538 5 Bytes JMP 100244D0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[6048] GDI32.dll!DeleteDC 76F96EAA 5 Bytes JMP 10028D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[6048] GDI32.dll!GetPixel 76F9C3D5 5 Bytes JMP 10028AE0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[6048] GDI32.dll!CreateDCA 76F9CCA9 5 Bytes JMP 10029E10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Windows\system32\NOTEPAD.EXE[6048] GDI32.dll!CreateDCW 76F9CF79 5 Bytes JMP 10029D10 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

    ---- User IAT/EAT - GMER 2.0 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [5910029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [590F5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [59107F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [5910F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [5910F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [591107CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [5910FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [590F5E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [5910ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [590F4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [590F63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [5910B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [590F6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [5910BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [5910C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [5910029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [590F4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [590F5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [590F63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [590F4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [5910C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [5910E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [5910AA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [5910ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [5910B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [590F6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [590F5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [5910FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [591107CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [5910939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [590F63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [5910029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [590F5F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [59109229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [590FF1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [590F5E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [59100ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [5910F2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [5910F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [5911072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [5910F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [59111542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [59111C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [590FFA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [59111191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [590FF725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [590FFB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [59111095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [59111F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [591112D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [59110DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [59100178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [59111B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [5911194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [59111233] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [590FF86E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [590FF472] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [591127C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [5911136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [59111284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [59110F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [59112769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [590FF9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [59112937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [590F7430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [590FF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [590FE265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [590F5D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [5911140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [59111590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [59111F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [59100123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [5911218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [59111BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [590FFACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [591119EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [590FFC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [591120D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [59112B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [59112028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [59110F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [590F4927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [59110D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [590FFA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [591118A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [59111CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [5911171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [591117B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [590F4984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [59108C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [5910CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [5910D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [5910D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [590F6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [5910C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [5910B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [5910B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [5910A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [5910E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [590F4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [5910ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [5910A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [59109AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [5910E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [5910E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [59109F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [5910BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [5910A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [590F4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [590F6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [590FF6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [59111F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [59112028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [59112B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [59112B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [59100178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [590F64C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [590F4CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [590F4927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [590F4984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [590F6528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[356] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [5910029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [590F5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [59107F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [5910F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [5910F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [591107CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [5910FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [590F5E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [5910ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [590F4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [590F63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [5910B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [590F6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [5910BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [5910C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [5910029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [590F4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [590F5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [590F63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [590F4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [5910C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [5910E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [5910AA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [5910ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [5910B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [590F6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [590F5EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [5910FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [591107CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [5910939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [590F63E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [5910029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [590F5F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [59109229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [590FF1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [590F5E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [59100ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [5910F2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [5910F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [5911072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [5910F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [59111542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [59111C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [590FFA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [59111191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [590FF725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [590FFB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [59111095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [59111F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [591112D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [59110DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [59100178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [59111B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [5911194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [59111233] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [590FF86E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [590FF472] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [591127C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [5911136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [59111284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [59110F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [59112769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [590FF9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [59112937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [590F7430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [590FF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [590FE265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [590F5D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [5911140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [59111590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [59111F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [59100123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [5911218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [59111BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [590FFACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [591119EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [590FFC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [591120D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [59112B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [59112028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [59110F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [590F4927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [59110D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [590FFA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [591118A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [59111CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [5911171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [591117B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [590F4984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [59108C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [5910CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [5910D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [5910D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [590F6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [5910C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [5910B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [5910B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [5910A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [5910E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [590F4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [5910ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [5910A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [59109AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [5910E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [5910E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [59109F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [5910BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [5910A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [590F4E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [590F6D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [590FF6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [59111F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [59112028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [59112B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [59112B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [59100178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [590F64C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [590F4CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [590F4927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [590F4984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [590F6528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[1408] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [590F47BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [71F824CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [71F6562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [71F656EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [71F82546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [71F785AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [71F74D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [71F75105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [71F751DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [71F76707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [71F78301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [71F78850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [71F790B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [71F7E254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4076] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [71F74C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Users\Neo\Downloads\HijackThis.exe[5388] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7517FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\Neo\Downloads\HijackThis.exe[5388] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7517FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\Neo\Downloads\HijackThis.exe[5388] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7517FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\Neo\Downloads\HijackThis.exe[5388] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7517FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\Neo\Downloads\HijackThis.exe[5388] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7517FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010090
    IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 000B0790
    IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 000B07D0
    IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010090
    IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[5968] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010090

    ---- EOF - GMER 2.0 ----
     
  3. alexnyc

    alexnyc Thread Starter

    After restarting Windows 7 I get a black screen with white letters that go away fast and mention a couple of things:
    1) Disk C can not be read properly (this is my own interpretation)
    2) Autocheck (?)

    Can you please HELP ME? I have no idea of what to do to fix my PC.
     
  4. alexnyc

    alexnyc Thread Starter

    Somehow my post is being ignored. Please help me.
     
  5. alexnyc

    alexnyc Thread Starter

    I downloaded some files to my PC and I kept getting messages about changing my registry. At first I thought it was normal, but now I am getting to the point that the infection is spreading over my registry.
    I started my own cleaning by downloading TDSSKiller.exe and this is my log:

    04:21:57.0027 0260 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    04:21:57.0327 0260 ============================================================
    04:21:57.0327 0260 Current date / time: 2013/01/29 04:21:57.0327
    04:21:57.0327 0260 SystemInfo:
    04:21:57.0327 0260
    04:21:57.0327 0260 OS Version: 6.1.7601 ServicePack: 1.0
    04:21:57.0327 0260 Product type: Workstation
    04:21:57.0327 0260 ComputerName: NEO-PC
    04:21:57.0327 0260 UserName: Neo
    04:21:57.0327 0260 Windows directory: C:\Windows
    04:21:57.0327 0260 System windows directory: C:\Windows
    04:21:57.0327 0260 Processor architecture: Intel x86
    04:21:57.0327 0260 Number of processors: 6
    04:21:57.0327 0260 Page size: 0x1000
    04:21:57.0327 0260 Boot type: Normal boot
    04:21:57.0327 0260 ============================================================
    04:21:58.0867 0260 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
    04:21:58.0887 0260 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    04:21:58.0892 0260 ============================================================
    04:21:58.0892 0260 \Device\Harddisk0\DR0:
    04:21:58.0892 0260 MBR partitions:
    04:21:58.0892 0260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    04:21:58.0892 0260 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    04:21:58.0892 0260 \Device\Harddisk1\DR1:
    04:21:58.0892 0260 MBR partitions:
    04:21:58.0892 0260 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
    04:21:58.0892 0260 ============================================================
    04:21:58.0927 0260 C: <-> \Device\Harddisk0\DR0\Partition2
    04:21:58.0927 0260 E: <-> \Device\Harddisk1\DR1\Partition1
    04:21:58.0932 0260 ============================================================
    04:21:58.0932 0260 Initialize success
    04:21:58.0932 0260 ============================================================
    04:22:01.0968 6236 ============================================================
    04:22:01.0968 6236 Scan started
    04:22:01.0968 6236 Mode: Manual;
    04:22:01.0968 6236 ============================================================
    04:22:04.0932 6236 ================ Scan system memory ========================
    04:22:04.0932 6236 System memory - ok
    04:22:04.0932 6236 ================ Scan services =============================
    04:22:05.0407 6236 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    04:22:05.0447 6236 1394ohci - ok
    04:22:05.0472 6236 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    04:22:05.0477 6236 ACPI - ok
    04:22:05.0497 6236 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    04:22:05.0497 6236 AcpiPmi - ok
    04:22:05.0582 6236 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    04:22:05.0582 6236 AdobeARMservice - ok
    04:22:05.0632 6236 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    04:22:05.0637 6236 AdobeFlashPlayerUpdateSvc - ok
    04:22:05.0672 6236 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    04:22:05.0677 6236 adp94xx - ok
    04:22:05.0687 6236 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    04:22:05.0692 6236 adpahci - ok
    04:22:05.0707 6236 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    04:22:05.0707 6236 adpu320 - ok
    04:22:05.0722 6236 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    04:22:05.0722 6236 AeLookupSvc - ok
    04:22:05.0783 6236 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
    04:22:05.0793 6236 AFD - ok
    04:22:05.0818 6236 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
    04:22:05.0818 6236 agp440 - ok
    04:22:05.0828 6236 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
    04:22:05.0833 6236 aic78xx - ok
    04:22:05.0878 6236 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
    04:22:05.0888 6236 ALG - ok
    04:22:05.0913 6236 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
    04:22:05.0918 6236 aliide - ok
    04:22:05.0948 6236 [ 8570625CA5DBD8083BEA7CB73065B53D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    04:22:05.0953 6236 AMD External Events Utility - ok
    04:22:05.0968 6236 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    04:22:05.0968 6236 amdagp - ok
    04:22:05.0988 6236 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
    04:22:05.0993 6236 amdide - ok
    04:22:05.0998 6236 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    04:22:06.0008 6236 AmdK8 - ok
    04:22:06.0068 6236 [ C22BDFCBED2596692096F85A9BF54358 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    04:22:06.0163 6236 amdkmdag - ok
    04:22:06.0193 6236 [ CC6A16CE23DBC94A59F8E821558D5754 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    04:22:06.0193 6236 amdkmdap - ok
    04:22:06.0213 6236 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    04:22:06.0223 6236 AmdPPM - ok
    04:22:06.0238 6236 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
    04:22:06.0238 6236 amdsata - ok
    04:22:06.0253 6236 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    04:22:06.0255 6236 amdsbs - ok
    04:22:06.0277 6236 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    04:22:06.0278 6236 amdxata - ok
    04:22:06.0326 6236 [ 5BD30B502168013C9EA03A5C2F1C9776 ] AODDriver C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys
    04:22:06.0329 6236 AODDriver - ok
    04:22:06.0373 6236 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
    04:22:06.0378 6236 AppID - ok
    04:22:06.0407 6236 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    04:22:06.0410 6236 AppIDSvc - ok
    04:22:06.0431 6236 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
    04:22:06.0433 6236 Appinfo - ok
    04:22:06.0470 6236 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    04:22:06.0474 6236 Apple Mobile Device - ok
    04:22:06.0508 6236 [ F5F0F78286A849BC0E45E0E99065B04F ] AppleCharger C:\Windows\system32\DRIVERS\AppleCharger.sys
    04:22:06.0523 6236 AppleCharger - ok
    04:22:06.0541 6236 [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
    04:22:06.0545 6236 AppleChargerSrv - ok
    04:22:06.0613 6236 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
    04:22:06.0628 6236 AppMgmt - ok
    04:22:06.0638 6236 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
    04:22:06.0638 6236 arc - ok
    04:22:06.0648 6236 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    04:22:06.0648 6236 arcsas - ok
    04:22:06.0673 6236 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    04:22:06.0673 6236 AsyncMac - ok
    04:22:06.0688 6236 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
    04:22:06.0688 6236 atapi - ok
    04:22:06.0788 6236 [ C22BDFCBED2596692096F85A9BF54358 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    04:22:06.0813 6236 atikmdag - ok
    04:22:06.0843 6236 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    04:22:06.0848 6236 AudioEndpointBuilder - ok
    04:22:06.0853 6236 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
    04:22:06.0858 6236 Audiosrv - ok
    04:22:07.0018 6236 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
    04:22:07.0108 6236 AVGIDSAgent - ok
    04:22:07.0163 6236 [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
    04:22:07.0173 6236 AVGIDSDriver - ok
    04:22:07.0238 6236 [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
    04:22:07.0248 6236 AVGIDSHX - ok
    04:22:07.0278 6236 [ 240F106B07CD9B522E2CD9E621618367 ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
    04:22:07.0293 6236 AVGIDSShim - ok
    04:22:07.0348 6236 [ 7023142C545896D3538C9D36DDC57406 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
    04:22:07.0353 6236 Avgldx86 - ok
    04:22:07.0398 6236 [ 87E88A36279C8E5869270CC87F5BB7CD ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
    04:22:07.0403 6236 Avglogx - ok
    04:22:07.0428 6236 [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
    04:22:07.0433 6236 Avgmfx86 - ok
    04:22:07.0468 6236 [ B8392B63D795A3DE866793220D3559EF ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
    04:22:07.0473 6236 Avgrkx86 - ok
    04:22:07.0493 6236 [ 69A4DF4CD2A15AACC0E8D2005D6A04BA ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
    04:22:07.0498 6236 Avgtdix - ok
    04:22:07.0518 6236 [ 740970262714E0575F23A917A2A53A31 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
    04:22:07.0523 6236 avgtp - ok
    04:22:07.0548 6236 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    04:22:07.0553 6236 avgwd - ok
    04:22:07.0613 6236 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    04:22:07.0628 6236 AxInstSV - ok
    04:22:07.0653 6236 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
    04:22:07.0658 6236 b06bdrv - ok
    04:22:07.0703 6236 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
    04:22:07.0703 6236 b57nd60x - ok
    04:22:07.0723 6236 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
    04:22:07.0728 6236 BDESVC - ok
    04:22:07.0738 6236 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
    04:22:07.0738 6236 Beep - ok
    04:22:07.0778 6236 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
    04:22:07.0778 6236 BFE - ok
    04:22:07.0818 6236 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
    04:22:07.0868 6236 BITS - ok
    04:22:07.0893 6236 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    04:22:07.0898 6236 blbdrive - ok
    04:22:07.0938 6236 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    04:22:07.0943 6236 Bonjour Service - ok
    04:22:07.0968 6236 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    04:22:07.0968 6236 bowser - ok
    04:22:07.0973 6236 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    04:22:07.0978 6236 BrFiltLo - ok
    04:22:07.0988 6236 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    04:22:07.0988 6236 BrFiltUp - ok
    04:22:08.0008 6236 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
    04:22:08.0008 6236 Browser - ok
    04:22:08.0028 6236 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    04:22:08.0028 6236 Brserid - ok
    04:22:08.0043 6236 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    04:22:08.0043 6236 BrSerWdm - ok
    04:22:08.0053 6236 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    04:22:08.0053 6236 BrUsbMdm - ok
    04:22:08.0063 6236 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    04:22:08.0068 6236 BrUsbSer - ok
    04:22:08.0083 6236 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    04:22:08.0083 6236 BTHMODEM - ok
    04:22:08.0088 6236 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
    04:22:08.0093 6236 bthserv - ok
    04:22:08.0098 6236 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    04:22:08.0098 6236 cdfs - ok
    04:22:08.0128 6236 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    04:22:08.0128 6236 cdrom - ok
    04:22:08.0193 6236 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
    04:22:08.0193 6236 CertPropSvc - ok
    04:22:08.0208 6236 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    04:22:08.0208 6236 circlass - ok
    04:22:08.0223 6236 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
    04:22:08.0223 6236 CLFS - ok
    04:22:08.0383 6236 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    04:22:08.0393 6236 clr_optimization_v2.0.50727_32 - ok
    04:22:08.0478 6236 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    04:22:08.0513 6236 clr_optimization_v4.0.30319_32 - ok
    04:22:08.0538 6236 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    04:22:08.0538 6236 CmBatt - ok
    04:22:08.0633 6236 [ 2A2D72271844C52F004901A60312B96A ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    04:22:08.0663 6236 cmdAgent - ok
    04:22:08.0688 6236 [ A1865742BBCF4C5F38FEE1258F8048FD ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
    04:22:08.0693 6236 cmdGuard - ok
    04:22:08.0703 6236 [ 221D000474F01B1606FFC3FF362D9333 ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
    04:22:08.0703 6236 cmdHlp - ok
    04:22:08.0728 6236 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    04:22:08.0728 6236 cmdide - ok
    04:22:08.0758 6236 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
    04:22:08.0763 6236 CNG - ok
    04:22:08.0773 6236 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    04:22:08.0778 6236 Compbatt - ok
    04:22:08.0798 6236 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    04:22:08.0798 6236 CompositeBus - ok
    04:22:08.0818 6236 COMSysApp - ok
    04:22:08.0833 6236 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    04:22:08.0833 6236 crcdisk - ok
    04:22:08.0878 6236 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
    04:22:08.0883 6236 CryptSvc - ok
    04:22:08.0898 6236 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
    04:22:08.0913 6236 CSC - ok
    04:22:08.0958 6236 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
    04:22:08.0968 6236 CscService - ok
    04:22:08.0978 6236 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
    04:22:08.0983 6236 DcomLaunch - ok
    04:22:09.0008 6236 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
    04:22:09.0013 6236 defragsvc - ok
    04:22:09.0018 6236 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    04:22:09.0018 6236 DfsC - ok
    04:22:09.0038 6236 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
    04:22:09.0043 6236 Dhcp - ok
    04:22:09.0053 6236 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
    04:22:09.0053 6236 discache - ok
    04:22:09.0063 6236 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
    04:22:09.0068 6236 Disk - ok
    04:22:09.0093 6236 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    04:22:09.0093 6236 Dnscache - ok
    04:22:09.0103 6236 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
    04:22:09.0108 6236 dot3svc - ok
    04:22:09.0148 6236 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    04:22:09.0163 6236 Dot4 - ok
    04:22:09.0188 6236 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
    04:22:09.0188 6236 Dot4Print - ok
    04:22:09.0198 6236 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    04:22:09.0198 6236 dot4usb - ok
    04:22:09.0213 6236 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
    04:22:09.0213 6236 DPS - ok
    04:22:09.0233 6236 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    04:22:09.0233 6236 drmkaud - ok
    04:22:09.0263 6236 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    04:22:09.0283 6236 DXGKrnl - ok
    04:22:09.0303 6236 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
    04:22:09.0308 6236 EapHost - ok
    04:22:09.0368 6236 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
    04:22:09.0408 6236 ebdrv - ok
    04:22:09.0418 6236 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
    04:22:09.0418 6236 EFS - ok
    04:22:09.0493 6236 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    04:22:09.0533 6236 ehRecvr - ok
    04:22:09.0563 6236 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
    04:22:09.0603 6236 ehSched - ok
    04:22:09.0623 6236 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    04:22:09.0633 6236 elxstor - ok
    04:22:09.0643 6236 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    04:22:09.0648 6236 ErrDev - ok
    04:22:09.0683 6236 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
    04:22:09.0683 6236 EventSystem - ok
    04:22:09.0693 6236 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
    04:22:09.0698 6236 exfat - ok
    04:22:09.0713 6236 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    04:22:09.0713 6236 fastfat - ok
    04:22:09.0758 6236 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
    04:22:09.0763 6236 Fax - ok
    04:22:09.0778 6236 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    04:22:09.0778 6236 fdc - ok
    04:22:09.0783 6236 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
    04:22:09.0788 6236 fdPHost - ok
    04:22:09.0788 6236 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
    04:22:09.0793 6236 FDResPub - ok
    04:22:09.0803 6236 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    04:22:09.0808 6236 FileInfo - ok
    04:22:09.0829 6236 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    04:22:09.0829 6236 Filetrace - ok
    04:22:09.0849 6236 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    04:22:09.0849 6236 flpydisk - ok
    04:22:09.0859 6236 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    04:22:09.0864 6236 FltMgr - ok
    04:22:09.0879 6236 [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache C:\Windows\system32\FntCache.dll
    04:22:09.0889 6236 FontCache - ok
    04:22:09.0949 6236 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    04:22:09.0964 6236 FontCache3.0.0.0 - ok
    04:22:09.0979 6236 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    04:22:09.0979 6236 FsDepends - ok
    04:22:09.0999 6236 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    04:22:10.0019 6236 Fs_Rec - ok
    04:22:10.0039 6236 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    04:22:10.0039 6236 fvevol - ok
    04:22:10.0049 6236 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    04:22:10.0049 6236 gagp30kx - ok
    04:22:10.0079 6236 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\Windows\gdrv.sys
    04:22:10.0079 6236 gdrv - ok
    04:22:10.0109 6236 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    04:22:10.0114 6236 GEARAspiWDM - ok
    04:22:10.0139 6236 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
    04:22:10.0149 6236 gpsvc - ok
    04:22:10.0199 6236 [ 689A8EEF2A2D62B28A0A578A6196531C ] GVTDrv C:\Windows\system32\Drivers\GVTDrv.sys
    04:22:10.0214 6236 GVTDrv - ok
    04:22:10.0234 6236 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    04:22:10.0244 6236 hcw85cir - ok
    04:22:10.0279 6236 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    04:22:10.0284 6236 HdAudAddService - ok
    04:22:10.0304 6236 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    04:22:10.0304 6236 HDAudBus - ok
    04:22:10.0314 6236 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    04:22:10.0314 6236 HidBatt - ok
    04:22:10.0324 6236 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    04:22:10.0324 6236 HidBth - ok
    04:22:10.0334 6236 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    04:22:10.0334 6236 HidIr - ok
    04:22:10.0339 6236 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
    04:22:10.0339 6236 hidserv - ok
    04:22:10.0359 6236 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    04:22:10.0364 6236 HidUsb - ok
    04:22:10.0389 6236 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
    04:22:10.0394 6236 hkmsvc - ok
    04:22:10.0409 6236 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    04:22:10.0419 6236 HomeGroupListener - ok
    04:22:10.0444 6236 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    04:22:10.0444 6236 HomeGroupProvider - ok
    04:22:10.0464 6236 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    04:22:10.0464 6236 HpSAMD - ok
    04:22:10.0489 6236 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    04:22:10.0494 6236 HTTP - ok
    04:22:10.0499 6236 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    04:22:10.0499 6236 hwpolicy - ok
    04:22:10.0514 6236 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    04:22:10.0519 6236 i8042prt - ok
    04:22:10.0529 6236 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    04:22:10.0529 6236 iaStorV - ok
    04:22:10.0554 6236 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    04:22:10.0809 6236 IDriverT - ok
    04:22:10.0874 6236 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    04:22:10.0894 6236 idsvc - ok
    04:22:10.0924 6236 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    04:22:10.0929 6236 iirsp - ok
    04:22:10.0949 6236 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
    04:22:10.0954 6236 IKEEXT - ok
    04:22:10.0969 6236 [ 3B6BE2DA5993B1E38613976FAF4AC83E ] inspect C:\Windows\system32\DRIVERS\inspect.sys
    04:22:10.0974 6236 inspect - ok
    04:22:11.0054 6236 [ 345AC48D17F5C2F2AA1EE50D34C3978B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    04:22:11.0099 6236 IntcAzAudAddService - ok
    04:22:11.0114 6236 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
    04:22:11.0114 6236 intelide - ok
    04:22:11.0129 6236 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    04:22:11.0134 6236 intelppm - ok
    04:22:11.0149 6236 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    04:22:11.0149 6236 IPBusEnum - ok
    04:22:11.0154 6236 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    04:22:11.0154 6236 IpFilterDriver - ok
    04:22:11.0219 6236 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    04:22:11.0234 6236 iphlpsvc - ok
    04:22:11.0259 6236 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    04:22:11.0259 6236 IPMIDRV - ok
    04:22:11.0269 6236 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    04:22:11.0274 6236 IPNAT - ok
    04:22:11.0314 6236 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    04:22:11.0349 6236 iPod Service - ok
    04:22:11.0384 6236 [ CF79FF3D10864F73660A34E006B6B8F8 ] iPodDrv C:\Windows\system32\drivers\iPodDrv.sys
    04:22:11.0384 6236 iPodDrv - ok
    04:22:11.0404 6236 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
    04:22:11.0414 6236 IRENUM - ok
    04:22:11.0429 6236 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    04:22:11.0434 6236 isapnp - ok
    04:22:11.0449 6236 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    04:22:11.0454 6236 iScsiPrt - ok
    04:22:11.0469 6236 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    04:22:11.0474 6236 kbdclass - ok
    04:22:11.0484 6236 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    04:22:11.0484 6236 kbdhid - ok
    04:22:11.0494 6236 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
    04:22:11.0499 6236 KeyIso - ok
    04:22:11.0514 6236 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    04:22:11.0514 6236 KSecDD - ok
    04:22:11.0539 6236 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    04:22:11.0539 6236 KSecPkg - ok
    04:22:11.0559 6236 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
    04:22:11.0564 6236 KtmRm - ok
    04:22:11.0599 6236 [ 25046613DFA30A7361996F15901CA0DE ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
    04:22:11.0604 6236 L1C - ok
    04:22:11.0644 6236 [ D88846F9F4F27AE9BE584A6E5B6B8753 ] L8042Kbd C:\Windows\system32\DRIVERS\L8042Kbd.sys
    04:22:11.0649 6236 L8042Kbd - ok
    04:22:11.0664 6236 [ BEA61FDA2103F6F51B14EB0872E8A050 ] L8042mou C:\Windows\system32\DRIVERS\L8042mou.Sys
    04:22:11.0664 6236 L8042mou - ok
    04:22:11.0679 6236 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
    04:22:11.0684 6236 LanmanServer - ok
    04:22:11.0689 6236 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    04:22:11.0699 6236 LanmanWorkstation - ok
    04:22:11.0739 6236 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    04:22:11.0739 6236 lltdio - ok
    04:22:11.0754 6236 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    04:22:11.0759 6236 lltdsvc - ok
    04:22:11.0764 6236 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
    04:22:11.0769 6236 lmhosts - ok
    04:22:11.0779 6236 [ CAB504E38FCED9A56D87D838E9BA13E9 ] LMouKE C:\Windows\system32\DRIVERS\LMouKE.Sys
    04:22:11.0784 6236 LMouKE - ok
    04:22:11.0809 6236 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    04:22:11.0814 6236 LSI_FC - ok
    04:22:11.0829 6236 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    04:22:11.0829 6236 LSI_SAS - ok
    04:22:11.0859 6236 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    04:22:11.0859 6236 LSI_SAS2 - ok
    04:22:11.0874 6236 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    04:22:11.0879 6236 LSI_SCSI - ok
    04:22:11.0894 6236 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
    04:22:11.0899 6236 luafv - ok
    04:22:11.0939 6236 [ AF280405C10F0D20F37670B7432E5C2F ] lvpopflt C:\Windows\system32\DRIVERS\lvpopflt.sys
    04:22:11.0954 6236 lvpopflt - ok
    04:22:11.0999 6236 [ 8BE71D7EDB8C7494913722059F760DD0 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    04:22:12.0019 6236 LVPr2Mon - ok
    04:22:12.0069 6236 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
    04:22:12.0079 6236 LVRS - ok
    04:22:12.0169 6236 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
    04:22:12.0229 6236 LVUVC - ok
    04:22:12.0259 6236 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    04:22:12.0264 6236 Mcx2Svc - ok
    04:22:12.0274 6236 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    04:22:12.0274 6236 megasas - ok
    04:22:12.0294 6236 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    04:22:12.0299 6236 MegaSR - ok
    04:22:12.0314 6236 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
    04:22:12.0314 6236 MMCSS - ok
    04:22:12.0329 6236 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
    04:22:12.0329 6236 Modem - ok
    04:22:12.0344 6236 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    04:22:12.0344 6236 monitor - ok
    04:22:12.0374 6236 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    04:22:12.0374 6236 mouclass - ok
    04:22:12.0384 6236 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    04:22:12.0389 6236 mouhid - ok
    04:22:12.0419 6236 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    04:22:12.0424 6236 mountmgr - ok
    04:22:12.0449 6236 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    04:22:12.0454 6236 MozillaMaintenance - ok
    04:22:12.0474 6236 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
    04:22:12.0479 6236 mpio - ok
    04:22:12.0494 6236 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    04:22:12.0499 6236 mpsdrv - ok
    04:22:12.0529 6236 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
    04:22:12.0539 6236 MpsSvc - ok
    04:22:12.0554 6236 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    04:22:12.0554 6236 MRxDAV - ok
    04:22:12.0579 6236 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    04:22:12.0604 6236 mrxsmb - ok
    04:22:12.0624 6236 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    04:22:12.0634 6236 mrxsmb10 - ok
    04:22:12.0654 6236 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    04:22:12.0659 6236 mrxsmb20 - ok
    04:22:12.0664 6236 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
    04:22:12.0669 6236 msahci - ok
    04:22:12.0679 6236 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    04:22:12.0679 6236 msdsm - ok
    04:22:12.0694 6236 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
    04:22:12.0699 6236 MSDTC - ok
    04:22:12.0719 6236 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
    04:22:12.0719 6236 Msfs - ok
    04:22:12.0734 6236 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    04:22:12.0734 6236 mshidkmdf - ok
    04:22:12.0739 6236 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    04:22:12.0739 6236 msisadrv - ok
    04:22:12.0749 6236 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    04:22:12.0754 6236 MSiSCSI - ok
    04:22:12.0759 6236 msiserver - ok
    04:22:12.0774 6236 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    04:22:12.0774 6236 MSKSSRV - ok
    04:22:12.0789 6236 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    04:22:12.0789 6236 MSPCLOCK - ok
    04:22:12.0794 6236 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    04:22:12.0794 6236 MSPQM - ok
    04:22:12.0804 6236 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    04:22:12.0804 6236 MsRPC - ok
    04:22:12.0814 6236 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    04:22:12.0814 6236 mssmbios - ok
    04:22:12.0829 6236 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    04:22:12.0834 6236 MSTEE - ok
    04:22:12.0839 6236 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    04:22:12.0839 6236 MTConfig - ok
    04:22:12.0849 6236 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    04:22:12.0849 6236 Mup - ok
    04:22:12.0859 6236 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
    04:22:12.0864 6236 napagent - ok
    04:22:12.0869 6236 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    04:22:12.0874 6236 NativeWifiP - ok
    04:22:12.0884 6236 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
    04:22:12.0889 6236 NDIS - ok
    04:22:12.0904 6236 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    04:22:12.0904 6236 NdisCap - ok
    04:22:12.0924 6236 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    04:22:12.0924 6236 NdisTapi - ok
    04:22:12.0949 6236 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    04:22:12.0949 6236 Ndisuio - ok
    04:22:12.0979 6236 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    04:22:12.0979 6236 NdisWan - ok
    04:22:12.0989 6236 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    04:22:12.0989 6236 NDProxy - ok
    04:22:13.0049 6236 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    04:22:13.0054 6236 Net Driver HPZ12 - ok
    04:22:13.0069 6236 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    04:22:13.0074 6236 NetBIOS - ok
    04:22:13.0079 6236 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    04:22:13.0084 6236 NetBT - ok
    04:22:13.0094 6236 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
    04:22:13.0094 6236 Netlogon - ok
    04:22:13.0134 6236 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    04:22:13.0139 6236 Netman - ok
    04:22:13.0154 6236 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    04:22:13.0154 6236 netprofm - ok
    04:22:13.0169 6236 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    04:22:13.0169 6236 NetTcpPortSharing - ok
    04:22:13.0184 6236 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    04:22:13.0184 6236 nfrd960 - ok
    04:22:13.0199 6236 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
    04:22:13.0199 6236 NlaSvc - ok
    04:22:13.0209 6236 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    04:22:13.0214 6236 Npfs - ok
    04:22:13.0224 6236 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
    04:22:13.0224 6236 nsi - ok
    04:22:13.0234 6236 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    04:22:13.0234 6236 nsiproxy - ok
    04:22:13.0294 6236 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    04:22:13.0319 6236 Ntfs - ok
    04:22:13.0339 6236 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
    04:22:13.0339 6236 Null - ok
    04:22:13.0349 6236 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    04:22:13.0349 6236 nvraid - ok
    04:22:13.0359 6236 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    04:22:13.0364 6236 nvstor - ok
    04:22:13.0374 6236 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    04:22:13.0379 6236 nv_agp - ok
    04:22:13.0389 6236 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    04:22:13.0394 6236 ohci1394 - ok
    04:22:13.0404 6236 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    04:22:13.0409 6236 p2pimsvc - ok
    04:22:13.0424 6236 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
    04:22:13.0429 6236 p2psvc - ok
    04:22:13.0449 6236 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    04:22:13.0449 6236 Parport - ok
    04:22:13.0474 6236 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
    04:22:13.0474 6236 partmgr - ok
    04:22:13.0479 6236 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    04:22:13.0484 6236 Parvdm - ok
    04:22:13.0494 6236 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
    04:22:13.0499 6236 PcaSvc - ok
    04:22:13.0504 6236 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
    04:22:13.0504 6236 pci - ok
    04:22:13.0514 6236 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
    04:22:13.0514 6236 pciide - ok
    04:22:13.0519 6236 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    04:22:13.0519 6236 pcmcia - ok
    04:22:13.0529 6236 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
    04:22:13.0529 6236 pcw - ok
    04:22:13.0554 6236 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    04:22:13.0559 6236 PEAUTH - ok
    04:22:13.0584 6236 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    04:22:13.0599 6236 PeerDistSvc - ok
    04:22:13.0634 6236 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
    04:22:13.0659 6236 pla - ok
    04:22:13.0729 6236 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    04:22:13.0744 6236 PlugPlay - ok
    04:22:13.0764 6236 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    04:22:13.0769 6236 Pml Driver HPZ12 - ok
    04:22:13.0794 6236 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    04:22:13.0799 6236 PNRPAutoReg - ok
    04:22:13.0804 6236 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    04:22:13.0809 6236 PNRPsvc - ok
    04:22:13.0824 6236 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    04:22:13.0829 6236 PolicyAgent - ok
    04:22:13.0844 6236 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
    04:22:13.0849 6236 Power - ok
    04:22:13.0864 6236 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    04:22:13.0869 6236 PptpMiniport - ok
    04:22:13.0874 6236 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    04:22:13.0879 6236 Processor - ok
    04:22:13.0919 6236 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
    04:22:13.0934 6236 ProfSvc - ok
    04:22:13.0954 6236 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
    04:22:13.0959 6236 ProtectedStorage - ok
    04:22:13.0984 6236 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    04:22:13.0989 6236 Psched - ok
    04:22:14.0019 6236 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    04:22:14.0044 6236 ql2300 - ok
    04:22:14.0064 6236 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    04:22:14.0069 6236 ql40xx - ok
    04:22:14.0074 6236 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
    04:22:14.0079 6236 QWAVE - ok
    04:22:14.0089 6236 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    04:22:14.0094 6236 QWAVEdrv - ok
    04:22:18.0207 6236 ================ Scan global ===============================
    04:22:18.0237 6236 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
    04:22:18.0267 6236 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
    04:22:18.0292 6236 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
    04:22:18.0307 6236 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
    04:22:18.0317 6236 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
    04:22:18.0322 6236 [Global] - ok
    04:22:18.0322 6236 ================ Scan MBR ==================================
    04:22:18.0332 6236 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    04:22:18.0457 6236 \Device\Harddisk0\DR0 - ok
    04:22:18.0457 6236 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    04:22:18.0602 6236 \Device\Harddisk1\DR1 - ok
    04:22:18.0602 6236 ================ Scan VBR ==================================
    04:22:18.0602 6236 [ C9C3713F5B8F9A09983C661E5E976FC0 ] \Device\Harddisk0\DR0\Partition1
    04:22:18.0607 6236 \Device\Harddisk0\DR0\Partition1 - ok
    04:22:18.0607 6236 [ 7D50E78CFAFE4F2BD09675E156BFC240 ] \Device\Harddisk0\DR0\Partition2
    04:22:18.0607 6236 \Device\Harddisk0\DR0\Partition2 - ok
    04:22:18.0612 6236 [ DC196D4AB10E5D99E7DC0FF12AB7368D ] \Device\Harddisk1\DR1\Partition1
    04:22:18.0612 6236 \Device\Harddisk1\DR1\Partition1 - ok
    04:22:18.0612 6236 ============================================================
    04:22:18.0612 6236 Scan finished
    04:22:18.0612 6236 ============================================================
    04:22:18.0627 6844 Detected object count: 0
    04:22:18.0627 6844 Actual detected object count: 0
    04:24:18.0971 6988 ============================================================
    04:24:18.0971 6988 Scan started
    04:24:18.0971 6988 Mode: Manual;
    04:24:18.0971 6988 ============================================================
    04:24:19.0086 6988 ================ Scan system memory ========================
    04:24:19.0086 6988 System memory - ok
    04:24:19.0086 6988 ================ Scan services =============================
    04:24:20.0898 6988 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
    04:24:20.0903 6988 CLFS - ok
    04:24:20.0948 6988 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    04:24:20.0948 6988 clr_optimization_v2.0.50727_32 - ok
    04:24:20.0988 6988 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    04:24:20.0993 6988 clr_optimization_v4.0.30319_32 - ok
    04:24:21.0013 6988 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    04:24:21.0018 6988 CmBatt - ok
    04:24:21.0123 6988 [ 2A2D72271844C52F004901A60312B96A ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    04:24:21.0138 6988 cmdAgent - ok
    04:24:21.0168 6988 [ A1865742BBCF4C5F38FEE1258F8048FD ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys
    04:24:21.0173 6988 cmdGuard - ok
    04:24:21.0183 6988 [ 221D000474F01B1606FFC3FF362D9333 ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys
    04:24:21.0183 6988 cmdHlp - ok
    04:24:21.0203 6988 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    04:24:21.0203 6988 cmdide - ok
    04:24:21.0238 6988 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
    04:24:21.0243 6988 CNG - ok
    04:24:21.0253 6988 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    04:24:21.0253 6988 Compbatt - ok
    04:24:21.0268 6988 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    04:24:21.0268 6988 CompositeBus - ok
    04:24:21.0273 6988 COMSysApp - ok
    04:24:21.0278 6988 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    04:24:21.0278 6988 crcdisk - ok
    04:24:21.0318 6988 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
    04:24:21.0323 6988 CryptSvc - ok
    04:24:21.0363 6988 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
    04:24:21.0373 6988 CSC - ok
    04:24:21.0393 6988 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
    04:24:21.0398 6988 CscService - ok
    04:24:21.0418 6988 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
    04:24:21.0423 6988 DcomLaunch - ok
    04:24:21.0438 6988 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
    04:24:21.0438 6988 defragsvc - ok
    04:24:21.0448 6988 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    04:24:21.0448 6988 DfsC - ok
    04:24:21.0468 6988 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
    04:24:21.0468 6988 Dhcp - ok
    04:24:21.0478 6988 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
    04:24:21.0478 6988 discache - ok
    04:24:21.0493 6988 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
    04:24:21.0493 6988 Disk - ok
    04:24:21.0518 6988 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    04:24:21.0518 6988 Dnscache - ok
    04:24:21.0533 6988 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
    04:24:21.0543 6988 dot3svc - ok
    04:24:21.0578 6988 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    04:24:21.0583 6988 Dot4 - ok
    04:24:21.0593 6988 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
    04:24:21.0593 6988 Dot4Print - ok
    04:24:21.0603 6988 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    04:24:21.0603 6988 dot4usb - ok
    04:24:21.0643 6988 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
    04:24:21.0648 6988 DPS - ok
    04:24:21.0668 6988 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    04:24:21.0673 6988 drmkaud - ok
    04:24:21.0753 6988 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    04:24:21.0763 6988 DXGKrnl - ok
    04:24:21.0773 6988 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
    04:24:21.0778 6988 EapHost - ok
    04:24:21.0838 6988 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
    04:24:21.0858 6988 ebdrv - ok
    04:24:21.0873 6988 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
    04:24:21.0873 6988 EFS - ok
    04:24:21.0903 6988 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    04:24:21.0903 6988 ehRecvr - ok
    04:24:21.0923 6988 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
    04:24:21.0923 6988 ehSched - ok
    04:24:21.0938 6988 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    04:24:21.0943 6988 elxstor - ok
    04:24:21.0943 6988 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    04:24:21.0943 6988 ErrDev - ok
    04:24:21.0958 6988 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
    04:24:21.0958 6988 EventSystem - ok
    04:24:21.0973 6988 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
    04:24:21.0973 6988 exfat - ok
    04:24:21.0988 6988 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    04:24:21.0988 6988 fastfat - ok
    04:24:22.0008 6988 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
    04:24:22.0013 6988 Fax - ok
    04:24:22.0018 6988 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    04:24:22.0018 6988 fdc - ok
    04:24:22.0018 6988 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
    04:24:22.0018 6988 fdPHost - ok
    04:24:22.0023 6988 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
    04:24:22.0023 6988 FDResPub - ok
    04:24:22.0038 6988 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    04:24:22.0038 6988 FileInfo - ok
    04:24:22.0048 6988 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    04:24:22.0048 6988 Filetrace - ok
    04:24:22.0058 6988 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    04:24:22.0058 6988 flpydisk - ok
    04:24:22.0088 6988 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    04:24:22.0088 6988 FltMgr - ok
    04:24:22.0113 6988 [ FA6C66E4364D7DA57AADE5DCC03BB999 ] FontCache C:\Windows\system32\FntCache.dll
    04:24:22.0128 6988 FontCache - ok
    04:24:22.0158 6988 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    04:24:22.0163 6988 FontCache3.0.0.0 - ok
    04:24:22.0173 6988 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    04:24:22.0173 6988 FsDepends - ok
    04:24:22.0193 6988 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    04:24:22.0193 6988 Fs_Rec - ok
    04:24:22.0208 6988 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    04:24:22.0213 6988 fvevol - ok
    04:24:22.0228 6988 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    04:24:22.0228 6988 gagp30kx - ok
    04:24:22.0243 6988 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\Windows\gdrv.sys
    04:24:22.0243 6988 gdrv - ok
    04:24:22.0263 6988 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    04:24:22.0263 6988 GEARAspiWDM - ok
    04:24:22.0283 6988 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
    04:24:22.0293 6988 gpsvc - ok
    04:24:22.0303 6988 [ 689A8EEF2A2D62B28A0A578A6196531C ] GVTDrv C:\Windows\system32\Drivers\GVTDrv.sys
    04:24:22.0303 6988 GVTDrv - ok
    04:24:22.0318 6988 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    04:24:22.0318 6988 hcw85cir - ok
    04:24:22.0348 6988 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    04:24:22.0353 6988 HdAudAddService - ok
    04:24:22.0363 6988 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    04:24:22.0368 6988 HDAudBus - ok
    04:24:22.0373 6988 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    04:24:22.0378 6988 HidBatt - ok
    04:24:22.0383 6988 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    04:24:22.0388 6988 HidBth - ok
    04:24:22.0393 6988 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    04:24:22.0393 6988 HidIr - ok
    04:24:22.0398 6988 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
    04:24:22.0398 6988 hidserv - ok
    04:24:22.0423 6988 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    04:24:22.0423 6988 HidUsb - ok
    04:24:22.0453 6988 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
    04:24:22.0458 6988 hkmsvc - ok
    04:24:22.0478 6988 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    04:24:22.0483 6988 HomeGroupListener - ok
    04:24:22.0498 6988 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    04:24:22.0503 6988 HomeGroupProvider - ok
    04:24:22.0518 6988 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    04:24:22.0518 6988 HpSAMD - ok
    04:24:22.0543 6988 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    04:24:22.0548 6988 HTTP - ok
    04:24:22.0553 6988 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    04:24:22.0558 6988 hwpolicy - ok
    04:24:22.0578 6988 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    04:24:22.0578 6988 i8042prt - ok
    04:24:22.0598 6988 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    04:24:22.0603 6988 iaStorV - ok
    04:24:22.0653 6988 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    04:24:22.0653 6988 IDriverT - ok
    04:24:22.0698 6988 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    04:24:22.0713 6988 idsvc - ok
    04:24:22.0743 6988 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    04:24:22.0748 6988 iirsp - ok
    04:24:22.0768 6988 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
    04:24:22.0773 6988 IKEEXT - ok
    04:24:22.0793 6988 [ 3B6BE2DA5993B1E38613976FAF4AC83E ] inspect C:\Windows\system32\DRIVERS\inspect.sys
    04:24:22.0793 6988 inspect - ok
    04:24:22.0853 6988 [ 345AC48D17F5C2F2AA1EE50D34C3978B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
    04:24:22.0873 6988 IntcAzAudAddService - ok
    04:24:22.0883 6988 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
    04:24:22.0883 6988 intelide - ok
    04:24:22.0893 6988 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    04:24:22.0893 6988 intelppm - ok
    04:24:22.0898 6988 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    04:24:22.0903 6988 IPBusEnum - ok
    04:24:22.0913 6988 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    04:24:22.0913 6988 IpFilterDriver - ok
    04:24:22.0928 6988 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    04:24:22.0928 6988 iphlpsvc - ok
    04:24:22.0943 6988 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    04:24:22.0943 6988 IPMIDRV - ok
    04:24:22.0958 6988 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    04:24:22.0958 6988 IPNAT - ok
    04:24:22.0988 6988 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    04:24:22.0993 6988 iPod Service - ok
    04:24:23.0008 6988 [ CF79FF3D10864F73660A34E006B6B8F8 ] iPodDrv C:\Windows\system32\drivers\iPodDrv.sys
    04:24:23.0013 6988 iPodDrv - ok
    04:24:23.0018 6988 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
    04:24:23.0018 6988 IRENUM - ok
    04:24:23.0023 6988 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    04:24:23.0023 6988 isapnp - ok
    04:24:23.0038 6988 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    04:24:23.0038 6988 iScsiPrt - ok
    04:24:23.0048 6988 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    04:24:23.0048 6988 kbdclass - ok
    04:24:23.0058 6988 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    04:24:23.0063 6988 kbdhid - ok
    04:24:23.0063 6988 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
    04:24:23.0063 6988 KeyIso - ok
    04:24:23.0083 6988 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    04:24:23.0083 6988 KSecDD - ok
    04:24:23.0108 6988 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    04:24:23.0108 6988 KSecPkg - ok
    04:24:23.0133 6988 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
    04:24:23.0143 6988 KtmRm - ok
    04:24:23.0158 6988 [ 25046613DFA30A7361996F15901CA0DE ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
    04:24:23.0163 6988 L1C - ok
    04:24:23.0198 6988 [ D88846F9F4F27AE9BE584A6E5B6B8753 ] L8042Kbd C:\Windows\system32\DRIVERS\L8042Kbd.sys
    04:24:23.0198 6988 L8042Kbd - ok
    04:24:23.0218 6988 [ BEA61FDA2103F6F51B14EB0872E8A050 ] L8042mou C:\Windows\system32\DRIVERS\L8042mou.Sys
    04:24:23.0218 6988 L8042mou - ok
    04:24:23.0238 6988 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
    04:24:23.0243 6988 LanmanServer - ok
    04:24:23.0253 6988 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    04:24:23.0258 6988 LanmanWorkstation - ok
    04:24:23.0268 6988 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    04:24:23.0268 6988 lltdio - ok
    04:24:23.0298 6988 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    04:24:23.0298 6988 lltdsvc - ok
    04:24:23.0308 6988 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
    04:24:23.0313 6988 lmhosts - ok
    04:24:23.0318 6988 [ CAB504E38FCED9A56D87D838E9BA13E9 ] LMouKE C:\Windows\system32\DRIVERS\LMouKE.Sys
    04:24:23.0318 6988 LMouKE - ok
    04:24:23.0328 6988 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    04:24:23.0328 6988 LSI_FC - ok
    04:24:23.0338 6988 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    04:24:23.0338 6988 LSI_SAS - ok
    04:24:23.0353 6988 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    04:24:23.0353 6988 LSI_SAS2 - ok
    04:24:23.0368 6988 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    04:24:23.0373 6988 LSI_SCSI - ok
    04:24:23.0383 6988 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
    04:24:23.0383 6988 luafv - ok
    04:24:23.0418 6988 [ AF280405C10F0D20F37670B7432E5C2F ] lvpopflt C:\Windows\system32\DRIVERS\lvpopflt.sys
    04:24:23.0418 6988 lvpopflt - ok
    04:24:23.0463 6988 [ 8BE71D7EDB8C7494913722059F760DD0 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    04:24:23.0463 6988 LVPr2Mon - ok
    04:24:23.0508 6988 [ ED643E777BA3F7151EF3F0FB6BE4F7F0 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
    04:24:23.0513 6988 LVRS - ok
    04:24:23.0628 6988 [ 5BC80451109A8DD7F2DDD35BCE2929A3 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
    04:24:23.0653 6988 LVUVC - ok
    04:24:23.0688 6988 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    04:24:23.0688 6988 Mcx2Svc - ok
    04:24:23.0703 6988 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    04:24:23.0703 6988 megasas - ok
    04:24:23.0718 6988 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    04:24:23.0718 6988 MegaSR - ok
    04:24:23.0743 6988 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
    04:24:23.0743 6988 MMCSS - ok
    04:24:23.0748 6988 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
    04:24:23.0748 6988 Modem - ok
    04:24:23.0753 6988 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    04:24:23.0753 6988 monitor - ok
    04:24:23.0778 6988 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    04:24:23.0778 6988 mouclass - ok
    04:24:23.0788 6988 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    04:24:23.0788 6988 mouhid - ok
    04:24:23.0813 6988 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    04:24:23.0813 6988 mountmgr - ok
    04:24:23.0843 6988 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    04:24:23.0843 6988 MozillaMaintenance - ok
    04:24:23.0853 6988 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
    04:24:23.0853 6988 mpio - ok
    04:24:23.0868 6988 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    04:24:23.0868 6988 mpsdrv - ok
    04:24:23.0903 6988 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
    04:24:23.0918 6988 MpsSvc - ok
    04:24:23.0928 6988 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    04:24:23.0933 6988 MRxDAV - ok
    04:24:23.0948 6988 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    04:24:23.0953 6988 mrxsmb - ok
    04:24:23.0968 6988 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    04:24:23.0968 6988 mrxsmb10 - ok
    04:24:23.0983 6988 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    04:24:23.0983 6988 mrxsmb20 - ok
    04:24:24.0003 6988 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
    04:24:24.0003 6988 msahci - ok
    04:24:24.0013 6988 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    04:24:24.0013 6988 msdsm - ok
    04:24:24.0033 6988 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
    04:24:24.0033 6988 MSDTC - ok
    04:24:24.0043 6988 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
    04:24:24.0043 6988 Msfs - ok
    04:24:24.0053 6988 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    04:24:24.0053 6988 mshidkmdf - ok
    04:24:24.0058 6988 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    04:24:24.0058 6988 msisadrv - ok
    04:24:24.0068 6988 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    04:24:24.0073 6988 MSiSCSI - ok
    04:24:24.0073 6988 msiserver - ok
    04:24:24.0083 6988 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    04:24:24.0083 6988 MSKSSRV - ok
    04:24:24.0093 6988 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    04:24:24.0093 6988 MSPCLOCK - ok
    04:24:24.0098 6988 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    04:24:24.0098 6988 MSPQM - ok
    04:24:24.0108 6988 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    04:24:24.0108 6988 MsRPC - ok
    04:24:24.0118 6988 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    04:24:24.0118 6988 mssmbios - ok
    04:24:24.0123 6988 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    04:24:24.0123 6988 MSTEE - ok
    04:24:24.0133 6988 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    04:24:24.0133 6988 MTConfig - ok
    04:24:24.0143 6988 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    04:24:24.0143 6988 Mup - ok
    04:24:24.0153 6988 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
    04:24:24.0158 6988 napagent - ok
    04:24:24.0163 6988 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    04:24:24.0163 6988 NativeWifiP - ok
    04:24:24.0178 6988 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
    04:24:24.0183 6988 NDIS - ok
    04:24:24.0188 6988 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    04:24:24.0188 6988 NdisCap - ok
    04:24:24.0198 6988 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    04:24:24.0203 6988 NdisTapi - ok
    04:24:24.0248 6988 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    04:24:24.0248 6988 Ndisuio - ok
    04:24:24.0273 6988 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    04:24:24.0278 6988 NdisWan - ok
    04:24:24.0283 6988 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    04:24:24.0288 6988 NDProxy - ok
    04:24:24.0318 6988 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    04:24:24.0318 6988 Net Driver HPZ12 - ok
    04:24:24.0333 6988 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    04:24:24.0333 6988 NetBIOS - ok
    04:24:24.0368 6988 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    04:24:24.0368 6988 NetBT - ok
    04:24:24.0383 6988 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
    04:24:24.0388 6988 Netlogon - ok
    04:24:24.0403 6988 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    04:24:24.0408 6988 Netman - ok
    04:24:24.0423 6988 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    04:24:24.0428 6988 netprofm - ok
    04:24:24.0438 6988 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    04:24:24.0438 6988 NetTcpPortSharing - ok
    04:24:24.0453 6988 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    04:24:24.0453 6988 nfrd960 - ok
    04:24:24.0468 6988 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
    04:24:24.0468 6988 NlaSvc - ok
    04:24:24.0478 6988 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    04:24:24.0483 6988 Npfs - ok
    04:24:24.0518 6988 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
    04:24:24.0518 6988 nsi - ok
    04:24:24.0523 6988 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    04:24:24.0528 6988 nsiproxy - ok
    04:24:24.0578 6988 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    04:24:24.0593 6988 Ntfs - ok
    04:24:24.0608 6988 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
    04:24:24.0608 6988 Null - ok
    04:24:24.0628 6988 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    04:24:24.0628 6988 nvraid - ok
    04:24:24.0638 6988 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    04:24:24.0643 6988 nvstor - ok
    04:24:24.0653 6988 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    04:24:24.0658 6988 nv_agp - ok
    04:24:24.0668 6988 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    04:24:24.0673 6988 ohci1394 - ok
    04:24:24.0688 6988 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    04:24:24.0693 6988 p2pimsvc - ok
    04:24:24.0713 6988 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
    04:24:24.0718 6988 p2psvc - ok
    04:24:24.0723 6988 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    04:24:24.0728 6988 Parport - ok
    04:24:24.0753 6988 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
    04:24:24.0753 6988 partmgr - ok
    04:24:24.0773 6988 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    04:24:24.0778 6988 Parvdm - ok
    04:24:24.0798 6988 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
    04:24:24.0803 6988 PcaSvc - ok
    04:24:24.0818 6988 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
    04:24:24.0818 6988 pci - ok
    04:24:24.0833 6988 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
    04:24:24.0833 6988 pciide - ok
    04:24:24.0843 6988 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    04:24:24.0843 6988 pcmcia - ok
    04:24:24.0863 6988 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
    04:24:24.0863 6988 pcw - ok
    04:24:24.0883 6988 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    04:24:24.0893 6988 PEAUTH - ok
    04:24:24.0928 6988 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    04:24:24.0943 6988 PeerDistSvc - ok
    04:24:25.0013 6988 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
    04:24:25.0033 6988 pla - ok
    04:24:25.0058 6988 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    04:24:25.0063 6988 PlugPlay - ok
    04:24:25.0068 6988 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    04:24:25.0073 6988 Pml Driver HPZ12 - ok
    04:24:25.0083 6988 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    04:24:25.0083 6988 PNRPAutoReg - ok
    04:24:25.0098 6988 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    04:24:25.0103 6988 PNRPsvc - ok
    04:24:25.0113 6988 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    04:24:25.0118 6988 PolicyAgent - ok
    04:24:25.0158 6988 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
    04:24:25.0163 6988 Power - ok
    04:24:25.0178 6988 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    04:24:25.0183 6988 PptpMiniport - ok
    04:24:25.0188 6988 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    04:24:25.0188 6988 Processor - ok
    04:24:25.0223 6988 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
    04:24:28.0654 6988 ============================================================
    04:24:28.0654 6988 Scan finished
    04:24:28.0654 6988 ============================================================
    04:24:28.0659 7172 Detected object count: 0
    04:24:28.0659 7172 Actual detected object count: 0
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,367
    First Name:
    Kevin
    Download AdwCleaner by Xplode (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) onto your Desktop.

    • Please close all open programs and internet browsers.
    • Double click on Adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

    Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.
    • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  7. alexnyc

    alexnyc Thread Starter

    Thank you Kevin, I was losing hope of getting assistance in here and before you replied I downloaded and executed ComboFix with the following results:

    1) ComboFix stopped working in the middle of the scan and produced this message:
    Alert! It is NOT SAFE to continue!
    The content of the Combofix package has been compromised. Please download a fresh copy from http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Note: You may be infected with a file patching virus 'VIRUT'
    (No option but OK button).

    2) AVG Detection:
    Infection: autorun.inf

    3) Restart, black screen with white letters:
    (long message that I could not copy on paper) mentioned Autochk cannot run

    4) Here is the first log that you requested:

    # AdwCleaner v2.109 - Logfile created 01/29/2013 at 05:27:58
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (32 bits)
    # User : Neo - NEO-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Neo\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\AVG Secure Search
    Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\Neo\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Neo\AppData\LocalLow\AVG Secure Search

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.1 (en-US)

    File : C:\Users\Neo\AppData\Roaming\Mozilla\Firefox\Profiles\4r90zrfk.default\prefs.js

    Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.0.2.14")[...]
    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationThankYouPage", true);
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationTime", 1359420075);
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.searchUserConifrmation", fal[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setHomepage", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setNewTab", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.InstallationUserSettings.setSearch", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.active", true);
    Deleted : user_pref("extensions.crossriderapp21804.21804.addressbar", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.addressbarenhanced", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundjs", "\n\n//\n");
    Deleted : user_pref("extensions.crossriderapp21804.21804.backgroundver", 10);
    Deleted : user_pref("extensions.crossriderapp21804.21804.can_run_bg_code", true);
    Deleted : user_pref("extensions.crossriderapp21804.21804.certdomaininstaller", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.changeprevious", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallationTime.value", "1359420075");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_aoi.value", "1359420075");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.expiration", "Tue Jan 29 2[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_arbitrary_code.value", "%22%28function%28[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.expiration", "Tue Jan 29 2013 0[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:0[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_cf_bu1.value", "1359454250");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.expiration", "Mon Feb 04 201[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_country_code.value", "%22US%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_crr.value", "1359454234");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_currenttime.value", "%221359242129%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_hotfix20111102645.value", "%221%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installer_params.value", "%7B%22source_id[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_installtime.value", "%221359242203%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_parent_zoneid.value", "%2214019%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_pc_20120828.value", "1359420141086");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221322%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22136821%22");
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1359420132583");
    Deleted : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
    Deleted : user_pref("extensions.crossriderapp21804.21804.domain", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.group", 0);
    Deleted : user_pref("extensions.crossriderapp21804.21804.homepage", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.iframe", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "24");
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Tue Jan [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.expiration", "F[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.value", "%7B%22[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
    Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 3);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 15);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var a=appAPI.db.getLis[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 12);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 2);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 2);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.code", "(function(f){var u={};var e[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.name", "FacebookFFIE");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_15.ver", 1);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 4);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 3);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 3);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 2);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 2);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 3);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 1);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 1);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 1);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 2);
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,2[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
    Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
    Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 21);
    Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "215 Apps");
    Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
    Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
    Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
    Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
    Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 24);
    Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
    Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");
    Deleted : user_pref("extensions.crossriderapp21804.bic", "13c83c0f7ef43da8a4b54f05e4fdb8e4");
    Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);
    Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
    Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
    Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1359420127);
    Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22657516);
    Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22657571);
    Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");
    Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);
    Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B5b58ad66-7407-49f5-a418-f5ca3486495d%[...]

    -\\ Opera v12.12.1707.0

    File : C:\Users\Neo\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [20888 octets] - [29/01/2013 05:27:58]

    ########## EOF - C:\AdwCleaner[S1].txt - [20949 octets] ##########
     
  8. alexnyc

    alexnyc Thread Starter

    Joined:
    Jan 25, 2013
    Messages:
    21
    After downloading and executing Combofix for a second time I got the same previous message:

    ComboFix stopped working in the middle of the scan and produced this message:
    Alert! It is NOT SAFE to continue!
    The content of the Combofix package has been compromised. Please download a fresh copy from http://www.bleepingcomputer.com/comb...o-use-combofix
    Note: You may be infected with a file patching virus 'VIRUT'
    (No option but OK button).
     
  9. alexnyc

    alexnyc Thread Starter

    Joined:
    Jan 25, 2013
    Messages:
    21
    Followed by ComboFix disappearance from Desktop (poof, gone)
     
  10. alexnyc

    alexnyc Thread Starter

    Joined:
    Jan 25, 2013
    Messages:
    21
    Here is a fresh Hijackthis log since too many registry rewrites were asked in the last 2 days and I am afraid I might have helped the virus to propagate over my PC.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:55:21 AM, on 1/29/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2013\avgui.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Neo\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: CrossriderApp0021804 - {11111111-1111-1111-1111-110211181104} - C:\Program Files\Coupon Companion Plugin\Coupon Companion Plugin.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [STCAgent] "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe"
    O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
    O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
    O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

    --
    End of file - 7301 bytes
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,367
    First Name:
    Kevin
    Virut is just about as bad as it gets... See if you can run the following from recovery environment:

    Please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    Plug the flash drive into the infected PC.

    If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7, enter System Recovery Options.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options. I give two methods; use whichever is convenient for you.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  12. alexnyc

    alexnyc Thread Starter

    Joined:
    Jan 25, 2013
    Messages:
    21
    Hello Kevin,
    I am very frustrated. I downloaded Farbar to Flash Drive and followed instructions but I was not able to make it run. Something is not working here. Typed: g:\frst32 and frst64 on both versions (I tried downloading 32bit version first and later 64).

    At this point I am sincerely asking you:
    If VIRUT is as powerful and destructive as I read on http://es.kioskea.net/faq/2555-como-quitar-el-virus-virut

    would it not be easier to use KILLDISK?

    Thank you, and I am trying to save you and myself time here.
     
  13. alexnyc

    alexnyc Thread Starter

    Joined:
    Jan 25, 2013
    Messages:
    21
    or
    Win32/Virut Remover 1.2.0.715 ?
     
  14. alexnyc

    alexnyc Thread Starter

    Joined:
    Jan 25, 2013
    Messages:
    21
    I tried one last time and it scanned (g:\frst was the right command for my case). Thanks Kevin and I am sorry if I lost my patience, here is the log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2013 02
    Ran by SYSTEM at 29-01-2013 08:03:58
    Running from G:\
    Windows 7 Professional (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [STCAgent] "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe" [853888 2011-03-04] (Splashtop Inc.)
    HKLM\...\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [915272 2010-11-15] (Splashtop Inc.)
    HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [180224 2010-04-06] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [11430504 2011-10-16] (Realtek Semiconductor)
    HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [x]
    HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [6756048 2012-11-07] (COMODO)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM\...\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)
    HKLM\...\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
    HKU\Neo\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17969840 2012-11-09] (Skype Technologies S.A.)
    Tcpip\Parameters: [DhcpNameServer] 207.69.188.185 207.69.188.186 207.69.188.187
    AppInit_DLLs: C:\Windows\system32\guard32.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
    Startup: C:\Users\Neo\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

    ==================== Services (Whitelisted) ===================

    3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    2 AVGIDSAgent; "C:\Program Files\AVG\AVG2013\avgidsagent.exe" [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
    2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [1990464 2012-11-07] (COMODO)
    2 SCBackService; C:\Program Files\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
    2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
    2 vToolbarUpdater14.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [945328 2013-01-23] ()
    2 WCUService_STC_FF; C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-23] (Splashtop Inc.)
    2 WCUService_STC_IE; C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [497480 2011-03-22] (Splashtop Inc.)

    ==================== Drivers (Whitelisted) ====================

    3 AODDriver; \??\C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys [36864 2010-03-12] (Advanced Micro Devices)
    1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
    1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19808 2012-08-10] (AVG Technologies CZ, s.r.o. )
    1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [151648 2012-09-12] (AVG Technologies CZ, s.r.o.)
    0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [178656 2012-08-09] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-15] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35168 2012-08-10] (AVG Technologies CZ, s.r.o.)
    1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164704 2012-09-12] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [31576 2013-01-23] (AVG Technologies)
    1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-07] (COMODO)
    1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-07] (COMODO)
    3 gdrv; \??\C:\Windows\gdrv.sys [17488 2012-08-09] (Windows (R) 2000 DDK provider)
    3 GVTDrv; \??\C:\Windows\system32\Drivers\GVTDrv.sys [24944 2012-08-09] ()
    1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [82952 2012-11-07] (COMODO)
    2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-07-27] (Windows (R) Codename Longhorn DDK provider)
    3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-01-29 08:03 - 2013-01-29 08:03 - 00000000 ____D C:\FRST
    2013-01-29 02:55 - 2013-01-29 02:55 - 00007302 ____A C:\Users\Neo\Documents\hijackthis.log
    2013-01-29 02:42 - 2013-01-29 02:42 - 00103140 __RSH C:\aqju.pif
    2013-01-29 02:27 - 2013-01-29 02:29 - 00021019 ____A C:\AdwCleaner[S1].txt
    2013-01-29 02:15 - 2013-01-29 02:16 - 00580235 ____A C:\Users\Neo\Downloads\adwcleaner.exe
    2013-01-29 02:08 - 2013-01-29 04:20 - 00000280 ____A C:\Windows\setupact.log
    2013-01-29 02:08 - 2013-01-29 02:08 - 00000586 ____A C:\Windows\PFRO.log
    2013-01-29 02:08 - 2013-01-29 02:08 - 00000000 ____A C:\Windows\setuperr.log
    2013-01-29 02:01 - 2013-01-29 02:01 - 00000000 ____D C:\Qoobox
    2013-01-29 02:00 - 2013-01-29 02:00 - 00000000 ____D C:\Windows\erdnt
    2013-01-29 01:42 - 2013-01-29 01:42 - 00024261 ____A C:\Users\Neo\Documents\Combofix.odt
    2013-01-29 01:21 - 2013-01-29 01:21 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Neo\Downloads\tdsskiller.exe
    2013-01-28 16:41 - 2013-01-28 16:41 - 00000000 ____D C:\Users\Neo\AppData\Local\Updater21804
    2013-01-28 16:41 - 2013-01-28 16:41 - 00000000 ____D C:\Users\Neo\AppData\Local\Google
    2013-01-28 16:41 - 2013-01-28 16:41 - 00000000 ____D C:\Users\Neo\AppData\Local\Coupon Companion Plugin
    2013-01-28 16:41 - 2013-01-28 16:41 - 00000000 ____D C:\Program Files\Coupon Companion Plugin
    2013-01-25 12:13 - 2013-01-25 12:13 - 00353675 ____A C:\Users\Neo\Documents\ark.txt
    2013-01-25 12:08 - 2013-01-25 12:08 - 00365568 ____A C:\Users\Neo\Downloads\49896it7.exe
    2013-01-25 12:06 - 2013-01-25 12:06 - 00002979 ____A C:\Users\Neo\Desktop\attach.txt
    2013-01-25 12:06 - 2013-01-25 12:03 - 00014399 ____A C:\Users\Neo\Desktop\dds.txt
    2013-01-25 12:00 - 2013-01-25 12:00 - 00688992 ____A (Swearware) C:\Users\Neo\Downloads\dds.scr
    2013-01-24 21:35 - 2013-01-24 21:36 - 00000000 ____D C:\Users\Neo\Documents\F drive
    2013-01-24 21:16 - 2013-01-24 21:16 - 01464303 ____A (Farbar) C:\Users\Neo\Downloads\FRST64.exe
    2013-01-24 20:28 - 2013-01-24 20:28 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-01-24 18:09 - 2013-01-24 18:09 - 00000000 ____D C:\Users\Neo\Downloads\backups
    2013-01-24 17:52 - 2013-01-24 17:52 - 00388608 ____A (Trend Micro Inc.) C:\Users\Neo\Downloads\HijackThis.exe
    2013-01-23 19:13 - 2013-01-29 04:20 - 00000342 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
    2013-01-18 17:21 - 2013-01-18 17:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-01-17 14:56 - 2013-01-19 08:02 - 00022227 ____A C:\Users\Neo\Documents\tenant problems 1L.odt
    2013-01-15 10:29 - 2013-01-12 00:30 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2013-01-15 10:29 - 2013-01-12 00:26 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-01-15 10:29 - 2013-01-12 00:24 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-01-15 10:28 - 2013-01-15 10:29 - 00004422 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log
    2013-01-15 10:28 - 2012-05-04 15:29 - 00227720 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
    2013-01-13 06:58 - 2013-01-29 04:49 - 00000000 ____D C:\Users\Neo\AppData\Roaming\vlc
    2013-01-13 06:57 - 2013-01-13 06:57 - 00001028 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2013-01-09 14:25 - 2013-01-09 14:25 - 00000000 ____D C:\Users\Neo\AppData\Local\Logitech® Webcam Software
    2013-01-09 04:31 - 2012-11-22 18:56 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-01-09 04:31 - 2012-11-22 18:48 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\taskhost.exe
    2013-01-09 04:31 - 2012-11-19 20:51 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2013-01-09 04:31 - 2012-11-08 20:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
    2013-01-09 04:31 - 2012-10-31 20:47 - 01389568 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2013-01-03 07:32 - 2013-01-03 07:32 - 00016047 ____A C:\Users\Neo\Downloads\ai.weiwei.never.sorry.(2012).eng.1cd.(4763692).zip
    2013-01-02 17:56 - 2013-01-17 20:26 - 00030589 ____A C:\Users\Neo\Documents\BDSM response.odt

    ==================== One Month Modified Files and Folders ========

    2013-01-29 08:03 - 2013-01-29 08:03 - 00000000 ____D C:\FRST
    2013-01-29 05:01 - 2012-11-13 06:20 - 01668647 ____A C:\Windows\WindowsUpdate.log
    2013-01-29 05:01 - 2012-06-04 16:01 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-01-29 05:01 - 2009-07-13 20:34 - 00010336 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-01-29 05:01 - 2009-07-13 20:34 - 00010336 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-01-29 04:49 - 2013-01-13 06:58 - 00000000 ____D C:\Users\Neo\AppData\Roaming\vlc
    2013-01-29 04:41 - 2012-11-13 08:28 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-01-29 04:20 - 2013-01-29 02:08 - 00000280 ____A C:\Windows\setupact.log
    2013-01-29 04:20 - 2013-01-23 19:13 - 00000342 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
    2013-01-29 04:20 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-01-29 03:02 - 2012-06-04 16:29 - 00000000 ____D C:\Users\All Users\MFAData
    2013-01-29 02:55 - 2013-01-29 02:55 - 00007302 ____A C:\Users\Neo\Documents\hijackthis.log
    2013-01-29 02:42 - 2013-01-29 02:42 - 00103140 __RSH C:\aqju.pif
    2013-01-29 02:32 - 2012-06-04 16:33 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
    2013-01-29 02:29 - 2013-01-29 02:27 - 00021019 ____A C:\AdwCleaner[S1].txt
    2013-01-29 02:16 - 2013-01-29 02:15 - 00580235 ____A C:\Users\Neo\Downloads\adwcleaner.exe
    2013-01-29 02:08 - 2013-01-29 02:08 - 00000586 ____A C:\Windows\PFRO.log
    2013-01-29 02:08 - 2013-01-29 02:08 - 00000000 ____A C:\Windows\setuperr.log
    2013-01-29 02:06 - 2012-10-01 15:47 - 00000000 ____D C:\Users\All Users\AVG2013
    2013-01-29 02:01 - 2013-01-29 02:01 - 00000000 ____D C:\Qoobox
    2013-01-29 02:00 - 2013-01-29 02:00 - 00000000 ____D C:\Windows\erdnt
    2013-01-29 02:00 - 2009-07-13 18:04 - 00000257 ____A C:\Windows\system.ini
    2013-01-29 01:42 - 2013-01-29 01:42 - 00024261 ____A C:\Users\Neo\Documents\Combofix.odt
    2013-01-29 01:21 - 2013-01-29 01:21 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Neo\Downloads\tdsskiller.exe
    2013-01-28 21:59 - 2012-06-06 12:33 - 00000000 ____D C:\Users\Neo\AppData\Roaming\Azureus
    2013-01-28 21:58 - 2012-10-01 13:11 - 02883584 ____A C:\Users\Neo\fbchathistory.dat
    2013-01-28 21:58 - 2012-06-04 15:58 - 00000000 ____D C:\users\Neo
    2013-01-28 16:41 - 2013-01-28 16:41 - 00000000 ____D C:\Users\Neo\AppData\Local\Updater21804
    2013-01-28 16:41 - 2013-01-28 16:41 - 00000000 ____D C:\Users\Neo\AppData\Local\Google
    2013-01-28 16:41 - 2013-01-28 16:41 - 00000000 ____D C:\Users\Neo\AppData\Local\Coupon Companion Plugin
    2013-01-28 16:41 - 2013-01-28 16:41 - 00000000 ____D C:\Program Files\Coupon Companion Plugin
    2013-01-28 13:52 - 2012-11-17 15:17 - 00000000 ____D C:\Users\Neo\AppData\Roaming\Skype
    2013-01-25 12:13 - 2013-01-25 12:13 - 00353675 ____A C:\Users\Neo\Documents\ark.txt
    2013-01-25 12:08 - 2013-01-25 12:08 - 00365568 ____A C:\Users\Neo\Downloads\49896it7.exe
    2013-01-25 12:06 - 2013-01-25 12:06 - 00002979 ____A C:\Users\Neo\Desktop\attach.txt
    2013-01-25 12:03 - 2013-01-25 12:06 - 00014399 ____A C:\Users\Neo\Desktop\dds.txt
    2013-01-25 12:00 - 2013-01-25 12:00 - 00688992 ____A (Swearware) C:\Users\Neo\Downloads\dds.scr
    2013-01-24 21:36 - 2013-01-24 21:35 - 00000000 ____D C:\Users\Neo\Documents\F drive
    2013-01-24 21:16 - 2013-01-24 21:16 - 01464303 ____A (Farbar) C:\Users\Neo\Downloads\FRST64.exe
    2013-01-24 20:28 - 2013-01-24 20:28 - 00000000 ____D C:\Windows\System32\appmgmt
    2013-01-24 18:09 - 2013-01-24 18:09 - 00000000 ____D C:\Users\Neo\Downloads\backups
    2013-01-24 17:52 - 2013-01-24 17:52 - 00388608 ____A (Trend Micro Inc.) C:\Users\Neo\Downloads\HijackThis.exe
    2013-01-23 19:12 - 2012-09-03 17:34 - 00031576 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
    2013-01-22 21:21 - 2012-06-04 16:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2013-01-19 08:02 - 2013-01-17 14:56 - 00022227 ____A C:\Users\Neo\Documents\tenant problems 1L.odt
    2013-01-18 17:21 - 2013-01-18 17:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-01-17 20:26 - 2013-01-02 17:56 - 00030589 ____A C:\Users\Neo\Documents\BDSM response.odt
    2013-01-16 09:37 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\System32\FxsTmp
    2013-01-15 10:29 - 2013-01-15 10:28 - 00004422 ____A C:\Windows\System32\jupdate-1.7.0_11-b21.log
    2013-01-15 10:29 - 2012-06-06 12:31 - 00000000 ____D C:\Program Files\Java
    2013-01-13 06:57 - 2013-01-13 06:57 - 00001028 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2013-01-12 00:30 - 2013-01-15 10:29 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
    2013-01-12 00:26 - 2013-01-15 10:29 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
    2013-01-12 00:24 - 2013-01-15 10:29 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
    2013-01-11 21:48 - 2012-06-04 17:39 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2013-01-11 05:48 - 2012-06-06 12:33 - 00000000 ____D C:\Program Files\Vuze
    2013-01-11 05:41 - 2012-10-01 15:50 - 00000935 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-01-10 10:06 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2013-01-09 14:25 - 2013-01-09 14:25 - 00000000 ____D C:\Users\Neo\AppData\Local\Logitech® Webcam Software
    2013-01-09 14:22 - 2009-07-13 20:33 - 00292552 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-01-09 10:46 - 2012-06-08 06:52 - 65273848 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-01-09 05:15 - 2012-10-03 16:04 - 00011205 ____A C:\Windows\System32\lvcoinst.log
    2013-01-09 05:15 - 2012-10-03 16:04 - 00000000 ____D C:\Program Files\Common Files\logishrd
    2013-01-09 05:15 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
    2013-01-09 05:14 - 2012-10-03 16:04 - 00001582 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
    2013-01-09 04:51 - 2012-10-03 16:05 - 00000000 ____D C:\Windows\System32\logishrd
    2013-01-09 04:41 - 2012-11-13 08:28 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2013-01-09 04:41 - 2012-11-13 07:47 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2013-01-03 07:32 - 2013-01-03 07:32 - 00016047 ____A C:\Users\Neo\Downloads\ai.weiwei.never.sorry.(2012).eng.1cd.(4763692).zip


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 6%
    Total physical RAM: 7677.55 MB
    Available physical RAM: 7162.64 MB
    Total Pagefile: 7675.83 MB
    Available Pagefile: 7156.66 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1952.7 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:597.77 GB) NTFS
    2 Drive d: () (Fixed) (Total:465.76 GB) (Free:135.91 GB) NTFS
    4 Drive g: (HP V100W) (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 465 GB 1024 KB
    Disk 2 Online 7643 MB 0 B

    Partitions of Disk 0:
    ===============

    Disk ID: 8A32CEAC

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    =========================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 931 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Disk ID: 0ACA277D

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 31 KB

    =========================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D NTFS Partition 465 GB Healthy

    =========================================================

    Partitions of Disk 2:
    ===============

    Disk ID: 01CEF32D

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7643 MB 31 KB

    =========================================================

    Disk: 2
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G HP V100W FAT32 Removable 7643 MB Healthy

    =========================================================

    Last Boot: 2013-01-24 18:48

    ==================== End Of Log ============================
     
  15. alexnyc

    alexnyc Thread Starter

    Joined:
    Jan 25, 2013
    Messages:
    21
    For a second I got scared when I saw this message:

    Service Unavailable

    The server is temporarily unable to service your request. Please try again later. Reference #6.4dc88d3f.1359475226.d8616da



    I thought the virus ate my Internet connection to your answers.


    What should I do next?
     
Short URL to this thread: https://techguy.org/1086815