1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Slow and odd, HJT log

Discussion in 'Virus & Other Malware Removal' started by srjr, Nov 9, 2011.

Thread Status:
Not open for further replies.
  1. srjr

    srjr Thread Starter

    Joined:
    Nov 8, 2011
    Messages:
    15
    Hi, startup time is roughly the same but programs used to load instantly when clicked. Now it takes quite awhile for them to load. I have used the Startup tab in msconfig in the past. I have also used the usual utilities (disk cleanup, defrag, mbam, etc) and it has not made much of a difference. When the computer is powered on or rebooted and My documents is first opened, it freezes the whole computer for 10-45 seconds on some days. Many of the programs in Add/Remove Programs do not have a Remove option. Firefox also remains running in the background when closed sometimes, and I get the "Firefox is already running..." error and I have to end the process before being able to open it again. Any help is appreciated, thanks!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:18:36 PM, on 11/8/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ASUS\AI Gear\GearHelp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKCU\..\Run: [Ai Gear Help] C:\Program Files\ASUS\AI Gear\GearHelp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
    O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    --
    End of file - 7388 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
    Run by Administrator at 14:32:09 on 2011-11-08
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1218 [GMT -8:00]
    .
    AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: COMODO Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ASUS\AI Gear\GearHelp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    uRun: [Ai Gear Help] c:\program files\asus\ai gear\GearHelp.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
    mRun: [razer] c:\program files\razer\copperhead\razerhid.exe
    mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
    TCP: Interfaces\{12F9E9BB-5AEC-44B5-8AD9-D0E901EBB14C} : DhcpNameServer = 64.59.144.16 64.59.144.17 64.59.150.132
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\windows defender\MpShHook.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\gxsqwayw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-3 64512]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-6-23 130936]
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-6-1 18056]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-6-4 492768]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-6-1 31704]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/14 13:56:35];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-7-11 328536]
    R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-6-1 1883328]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-5-26 100712]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-6-3 27632]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-3-31 2152152]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-6-3 13224]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-3-31 15232]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [2007-1-14 19020]
    S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-10-10 30368]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsauxs.exe --> c:\program files\spyware doctor\pctsAuxs.exe [?]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctssvc.exe --> c:\program files\spyware doctor\pctsSvc.exe [?]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-10-10 16080]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-3 14336]
    S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-1-7 158720]
    S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-1-7 5248]
    S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-10-10 239600]
    S4 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-10-10 820568]
    .
    =============== Created Last 30 ================
    .
    2011-11-05 19:23:57 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{0584772f-ae6b-417c-ac43-89618fe7f931}\offreg.dll
    2011-11-03 07:13:59 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{0584772f-ae6b-417c-ac43-89618fe7f931}\mpengine.dll
    2011-10-26 06:27:04 33984 ----a-w- c:\windows\system32\cmdcsr.dll
    2011-10-11 04:01:17 -------- d-----w- c:\documents and settings\all users\application data\IObit
    .
    ==================== Find3M ====================
    .
    2011-10-07 17:48:01 31704 -c--a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-10-07 17:48:00 492768 -c--a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-10-07 17:47:59 18056 -c--a-w- c:\windows\system32\drivers\cmderd.sys
    2011-10-07 17:47:10 300200 ----a-w- c:\windows\system32\guard32.dll
    2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-09-01 00:00:50 22216 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2004-10-01 23:00:16 40960 -c--a-w- c:\program files\Uninstall_CDS.exe
    .
    ============= FINISH: 14:34:53.06 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-08 17:55:10
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000076 ST3160811AS rev.3.AAE
    Running: vwud60xw.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kweirfow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA9B7879A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xA9B77D46]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xA9B78400]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB7EB5514]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB7EA4282]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB7EA4474]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xA9B7AABC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA9B7AE3A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xA9B77732]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB7EB5D00]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB7EB5FB8]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xA9B77538]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xA9B796C6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xA9B7991C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xA9B7A4EE]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xA9B7800E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xA9B785DC]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB7EB43FA]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xA9B77166]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xA9B782A8]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xA9B7736A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xA9B79B2A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xA9B79F7E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xA9B79D3C]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB7EB6422]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xA9B78DB6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xA9B7A7DA]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB7EB57D8]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xA9B77F78]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xA9B78194]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB7EA3F32]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xA9B77936]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes JMP EA4474B7
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FE8 80504884 8 Bytes JMP B77936B7
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB55C03A0, 0x5CC259, 0xE8000020]
    init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB518DA00]
    init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xB18C92E0]
    .text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xA842B000, 0x2892, 0xE8000020]
    .vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xA844E050]
    ? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 009FD060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [0F, 84]
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00A0BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00A0B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A07DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009FD180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A04F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A05AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A03A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A04370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00A08BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00A08970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00A09CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[348] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00A09BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerhid.exe[364] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00BDD060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [2D, 84]
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00BEBB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00BEB800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BE7DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00BDD180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE4F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE5AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00BE3A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00BE4370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00BE8BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00BE8970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00BE9CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Microsoft IntelliType Pro\type32.exe[372] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00BE9BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[388] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0076BD10 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\RUNDLL32.EXE[416] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ADVAPI32.DLL!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] ADVAPI32.DLL!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\ASUS\AI Gear\GearHelp.exe[464] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\ctfmon.exe[532] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\csrss.exe[828] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\csrss.exe[828] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\services.exe[900] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\nvsvc32.exe[1072] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 0125D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [95, 84]
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 0126BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 0126B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01267DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0125D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01264F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01265AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 01263A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 01264370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 01268BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 01268970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 01269CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[1112] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 01269BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1156] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1208] rpcss.dll!WhichService 76A84234 8 Bytes JMP ED301001
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe[1264] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1288] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1304] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00526240 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1304] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0053F8A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1320] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F040 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[1340] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1364] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Ahead\InCD\InCDsrv.exe[1436] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[1444] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1508] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\spoolsv.exe[1888] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\Explorer.EXE[1940] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\svchost.exe[2084] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Documents and Settings\Administrator\Desktop\vwud60xw.exe[2272] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\system32\wuauclt.exe[2308] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00EAD060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [5A, 84]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00EBBB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00EBB800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00EB7DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00EAD180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EB4F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EB5AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00EB3A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00EB4370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00EB8BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00EB8970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00EB9CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00EB9BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1069E349 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1069E2DB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104589A7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2680] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10458F65 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002AD40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002ADC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002ADA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002AD60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A3D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002ACE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A380 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002ACA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002ACC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002AD80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A690 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002AC80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002ABC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002A9C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002AC60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002A9A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002A9E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002ABA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AA60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AAE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002ABE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002AB80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002AB60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AA40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AAA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AA80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AAC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002AB40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002AC40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3156] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\Program Files\Razer\Copperhead\razerofa.exe[3252] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D060 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D180 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
    .text C:\WINDOWS\System32\alg.exe[3392] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024370 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)
    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0xF5 0xD7 0x21 0x4B ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xF5 0xD7 0x21 0x4B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xF5 0xD7 0x21 0x4B ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0xF5 0xD7 0x21 0x4B ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet021\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet023\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet024\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet025\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet026\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet027\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet028\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet029\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet030\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\[email protected] 0x9F 0x1F 0xBB 0xB3 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xF4 0x7E 0x10 0xD7 ...
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet032\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x5A 0xF7 0xE3 0x48 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs C:\WINDOWS\system32\guard32.dll

    ---- Files - GMER 1.0.15 ----

    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\51167523-63206e54.info 280 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\BF179D23-8264-4E77-8892-4CCDBD0ECED6.data 607260 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\BF179D23-8264-4E77-8892-4CCDBD0ECED6.data.info 210 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\_avast_ 0 bytes

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    37,219
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1026148

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice