
Need Help ASAP! HijackThis log


This topic is locked
8 replies to this topic

#1 joeyk_1415

  • Members
  • 15 posts

Posted 18 November 2008 - 09:13 PM

Like in the title: when I try to go to trendmicro.com, the bottom of IE says 127.0.0.1, and I've already checked hosts. No virus programs will update and I can't find anything. Here is the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:04 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: KAKE First Alert.lnk = C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162300525359
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 5167 bytes
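As an added example for readers triaging a log like the one above (my own code, not part of this thread or of HijackThis): a small Python parser that reads HijackThis entry lines and lists the ones a helper usually reviews first: O1 hosts-file overrides (the symptom described in the post), AppInit_DLLs values with an unusual name or no path, and startup entries whose target file no longer exists. The sample log is constructed; it reuses a few lines from the posted log plus an O1 line of the kind HijackThis prints for a hosts redirect, which the posted log did not contain.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis v2 format. Most lines are copied from the
# log posted above; the O1 line is constructed to show how HijackThis reports
# a hosts-file redirect such as the trendmicro.com -> 127.0.0.1 symptom.
SAMPLE_LOG = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O1 - Hosts: 127.0.0.1 www.trendmicro.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (file missing)
O20 - AppInit_DLLs: karna.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--
End of file - 5167 bytes
"""

# One HijackThis entry: a section tag (R0, O2, O20, ...) followed by " - " and the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")


def parse_hjt(text):
    """Return (section, body) pairs for every entry line; header/footer lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Group entries worth a closer look under a short reason string."""
    findings = defaultdict(list)
    for section, body in parse_hjt(text):
        if section == "O1":
            # Any hosts-file line in a HijackThis log overrides normal DNS resolution.
            findings["hosts-file override"].append(body)
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            # AppInit_DLLs is loaded into every process that maps user32.dll, so a value
            # that is not a .dll, or that carries no directory (resolved through the
            # loader's search path), deserves review before anything else in the log.
            if not value.lower().endswith(".dll") or "\\" not in value:
                findings["AppInit_DLLs value with unusual name or no path"].append(value)
        elif body.endswith("(no file)") or body.endswith("(file missing)"):
            # Registry entries whose target is gone: usually leftovers, and exactly the
            # kind of entry a HijackThis fix would remove.
            findings["orphaned entry (target file missing)"].append(f"{section} {body}")
    return dict(findings)


if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(f"[{reason}]")
        for item in items:
            print("   ", item)
```

The flagged entries are review candidates, not verdicts: the helper still checks where each file came from before proposing a fix, and an AppInit_DLLs value that is a fully pathed .dll (the guard32.dll line in the second log) is not flagged at all.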


#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 18 November 2008 - 09:15 PM

Hello joeyk_1415

Welcome to BleepingComputer
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#3 joeyk_1415
  • Topic Starter

  • Members
  • 15 posts

Posted 18 November 2008 - 09:22 PM

Log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by trucking at 2008-11-18 20:19:32
Microsoft Windows XP Professional Service Pack 2
System drive C: has 139 GB (91%) free of 153 GB
Total RAM: 502 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:50 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
E:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\trucking.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: KAKE First Alert.lnk = C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162300525359
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 5047 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-07 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-07 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-07 118784]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]
"COMODO Firewall Pro"=C:\Program Files\COMODO\Firewall\cfp.exe [2008-11-18 1655552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2008-11-15 2235920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe [2008-10-06 793712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\gogo.exe.exe [2008-08-19 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2008-04-23 29696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
KAKE First Alert.lnk - C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-07 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe"="C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe:*:Enabled:TrueWeather"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-11-18 20:19:32 ----D---- C:\rsit
2008-11-18 20:14:26 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-18 19:12:55 ----D---- C:\Documents and Settings\user\Application Data\Comodo
2008-11-18 19:12:55 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2008-11-18 19:12:55 ----A---- C:\WINDOWS\system32\guard32.dll
2008-11-18 19:12:53 ----D---- C:\Program Files\COMODO
2008-11-18 19:08:18 ----D---- C:\Documents and Settings\user\Application Data\Mozilla
2008-11-18 19:08:10 ----D---- C:\Program Files\Mozilla Firefox
2008-11-18 19:05:19 ----D---- C:\Program Files\mozilla.org
2008-11-18 18:22:55 ----D---- C:\Program Files\CCleaner
2008-11-17 23:33:35 ----D---- C:\Program Files\Trend Micro
2008-11-17 23:29:38 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-17 23:28:44 ----D---- C:\Program Files\SUPERAntiSpyware
2008-11-17 23:28:44 ----D---- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-11-17 23:22:35 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-11-17 23:18:42 ----D---- C:\WINDOWS\Prefetch
2008-11-17 22:16:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-17 21:51:13 ----D---- C:\Program Files\Lavasoft
2008-11-17 21:51:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-11-17 21:50:58 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-17 21:04:40 ----A---- C:\index.ini
2008-11-17 17:47:25 ----D---- C:\WINDOWS\cache
2008-11-17 16:38:13 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-17 16:38:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-17 16:17:34 ----D---- C:\Documents and Settings\user\Application Data\IObit
2008-11-17 16:17:33 ----D---- C:\Program Files\IObit
2008-11-14 10:02:30 ----D---- C:\Program Files\Windows Defender
2008-11-13 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-04 17:16:19 ----D---- C:\Program Files\The Weather Channel FW
2008-11-04 06:56:09 ----A---- C:\WINDOWS\system32\mfc71.dll
2008-10-31 07:20:45 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-10-31 07:20:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-24 02:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-18 20:14:57 ----D---- C:\WINDOWS\Temp
2008-11-18 20:14:32 ----SHD---- C:\WINDOWS\Installer
2008-11-18 20:14:27 ----D---- C:\WINDOWS
2008-11-18 20:14:17 ----D---- C:\Documents and Settings
2008-11-18 19:47:34 ----SD---- C:\WINDOWS\Tasks
2008-11-18 19:43:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-18 19:12:55 ----D---- C:\WINDOWS\system32\drivers
2008-11-18 19:12:55 ----D---- C:\WINDOWS\system32
2008-11-18 19:12:53 ----RD---- C:\Program Files
2008-11-18 18:25:58 ----D---- C:\WINDOWS\Debug
2008-11-18 18:25:57 ----D---- C:\WINDOWS\Minidump
2008-11-18 18:19:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-18 18:18:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-18 18:17:32 ----RASH---- C:\boot.ini
2008-11-18 18:17:32 ----A---- C:\WINDOWS\win.ini
2008-11-18 18:17:32 ----A---- C:\WINDOWS\SYSTEM.INI
2008-11-18 18:17:30 ----D---- C:\WINDOWS\pss
2008-11-18 17:04:15 ----D---- C:\WINDOWS\system32\wbem
2008-11-18 17:04:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-18 14:14:58 ----A---- C:\WINDOWS\TACWINP.INI
2008-11-18 14:13:51 ----A---- C:\WINDOWS\JJKELLER.INI
2008-11-18 08:12:50 ----D---- C:\TA100PRO
2008-11-18 08:05:02 ----HD---- C:\WINDOWS\inf
2008-11-18 03:01:15 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-18 03:01:15 ----D---- C:\Program Files\Messenger
2008-11-18 03:01:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-18 03:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-18 03:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-18 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-18 03:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-18 03:00:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-17 23:18:02 ----D---- C:\WINDOWS\system32\Setup
2008-11-17 23:18:02 ----D---- C:\WINDOWS\AppPatch
2008-11-17 23:18:01 ----D---- C:\WINDOWS\ime
2008-11-17 23:18:00 ----RSD---- C:\WINDOWS\Fonts
2008-11-17 23:12:03 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-17 23:09:29 ----D---- C:\WINDOWS\WinSxS
2008-11-17 23:09:10 ----D---- C:\WINDOWS\system32\usmt
2008-11-17 23:09:08 ----D---- C:\WINDOWS\system32\Restore
2008-11-17 23:09:07 ----D---- C:\WINDOWS\system32\oobe
2008-11-17 23:09:07 ----D---- C:\WINDOWS\system32\npp
2008-11-17 23:09:07 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-17 23:08:54 ----D---- C:\WINDOWS\system32\Com
2008-11-17 23:08:06 ----D---- C:\WINDOWS\system
2008-11-17 23:08:06 ----D---- C:\WINDOWS\srchasst
2008-11-17 23:07:03 ----D---- C:\WINDOWS\peernet
2008-11-17 23:07:02 ----D---- C:\WINDOWS\network diagnostic
2008-11-17 23:07:02 ----D---- C:\WINDOWS\mui
2008-11-17 23:07:01 ----D---- C:\WINDOWS\msagent
2008-11-17 23:06:58 ----D---- C:\WINDOWS\Help
2008-11-17 23:06:55 ----D---- C:\Program Files\Windows NT
2008-11-17 23:06:55 ----D---- C:\Program Files\Windows Media Player
2008-11-17 23:06:55 ----D---- C:\Program Files\Outlook Express
2008-11-17 23:06:54 ----D---- C:\Program Files\NetMeeting
2008-11-17 23:06:54 ----D---- C:\Program Files\Movie Maker
2008-11-17 23:06:50 ----D---- C:\Program Files\Common Files\System
2008-11-17 23:06:41 ----D---- C:\WINDOWS\system32\scripting
2008-11-17 23:06:41 ----D---- C:\WINDOWS\system32\en
2008-11-17 23:06:40 ----D---- C:\WINDOWS\system32\bits
2008-11-17 23:06:38 ----D---- C:\WINDOWS\l2schemas
2008-11-17 21:50:58 ----D---- C:\Program Files\Common Files
2008-11-17 18:55:03 ----HD---- C:\$AVG8.VAULT$
2008-11-17 16:28:44 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-14 10:34:06 ----A---- C:\WINDOWS\crw.ini
2008-11-14 10:02:30 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-14 07:20:55 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-11-13 03:00:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-07 15:46:43 ----D---- C:\Documents and Settings\user\Application Data\Adobe
2008-11-03 16:10:26 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-31 07:10:08 ----D---- C:\Program Files\ThinkVantage
2008-10-31 06:58:30 ----D---- C:\Program Files\Google
2008-10-31 06:58:11 ----D---- C:\Documents and Settings\All Users\Application Data\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-30 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-08-25 26824]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-11-18 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-11-18 24208]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 DriverX;DriverX; C:\WINDOWS\system32\drivers\DriverX.sys [2001-06-11 52512]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-22 73728]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-07 1399615]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2003-03-31 9600]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 cmdAgent;COMODO Firewall Pro Helper Service; C:\Program Files\COMODO\Firewall\cmdagent.exe [2008-11-18 519936]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------


Info.txt
info.txt logfile of random's system information tool 1.04 2008-11-18 20:19:53

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
COMODO Firewall Pro-->C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Foxpro 9 Library SP1-->MsiExec.exe /I{8D038B51-58CE-496F-BBC0-59666021AE24}
Foxpro Library-->MsiExec.exe /I{9220C6FD-3EA3-4DE8-8D83-34351700DF28}
FuelMasterPlus-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{634854A4-AAF6-4D12-ADAA-C14FDF6BE79A}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
InterVideo WinDVD Creator 3-->"C:\Program Files\InstallShield Installation Information\{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KAKE First Alert-->C:\WINDOWS\wnUninstall.exe "KAKE First Alert"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sentinel System Driver-->MsiExec.exe /I{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TA100 Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{020061B9-F211-44D2-909E-3A0465805BC9}\Setup.exe" -uninst
The Weather Channel Desktop 6-->C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

=====HijackThis Backups=====

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O20 - AppInit_DLLs: karna.dat
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

======Security center information======

AV: AVG Anti-Virus Free
FW: COMODO Firewall Pro

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:03:07 AM

Posted 18 November 2008 - 09:40 PM

Hi, I really don't see anything in those logs.

Download GMER from Here :
Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#5 joeyk_1415

joeyk_1415
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:07 AM

Posted 18 November 2008 - 09:52 PM

The program will not open, but I'm still having a problem updating any type of anti-spyware or anti-virus. I also cannot run any online scans. Also, when I search for something on Yahoo and click on the link, it redirects me to a random popup or site.

#6 joeyk_1415

joeyk_1415
  • Topic Starter

  • Members
  • 15 posts
  • Local time:03:07 AM

Posted 18 November 2008 - 10:08 PM

I got the program running. Here is the log; two items came up in red:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-18 21:06:28
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAAF0EC8C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xAAF0E3C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xAAF0E8A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateKey [0xAAF0F43C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xAAF0E080]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xAAF10084]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAAF0EE72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0xAAF0DC50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteKey [0xAAF0F0B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteValueKey [0xAAF0F268]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xAAF0DB02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xAAF0FD24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xAAF0EAB0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenProcess [0xAAF0D822]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xAAF0E744]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenThread [0xAAF0D9AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xAAF0F7F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAAF0E196]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xAAF0FAE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xAAF0FEC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetValueKey [0xAAF0F602]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xAAF0E5D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xAAF0E638]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0xAAF0DF4A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xAAF0DE18]

Code E2405260 ZwEnumerateKey
Code E19C83A8 ZwFlushInstructionCache
Code AAEDBEAB pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805AAC4A 5 Bytes JMP E19C83AC
PAGE ntkrnlpa.exe!ZwEnumerateKey 80619752 5 Bytes JMP E2405264
init C:\WINDOWS\System32\Drivers\DriverX.SYS entry point in "init" section [0xF86DA6FE]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[352] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[352] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[352] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[352] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[352] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[352] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[352] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[352] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[352] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[352] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[352] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[468] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00365060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[468] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00364F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[468] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00364C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[468] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003616D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[468] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00361550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[468] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00361860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[468] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 00361230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[468] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 003613C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[468] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 44, 88 ]
.text C:\WINDOWS\system32\hkcmd.exe[468] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00364960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[468] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00364AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[524] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[524] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[524] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[524] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[524] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[524] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\Explorer.EXE[524] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[524] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[524] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[524] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[524] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[524] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00D3000A
.text C:\WINDOWS\Explorer.EXE[524] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D5000A
.text C:\WINDOWS\Explorer.EXE[524] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00D4000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 007D5060 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 007D4F90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] GDI32.dll!BitBlt 77F16F79 3 Bytes JMP 007D1860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] GDI32.dll!BitBlt + 4 77F16F7D 1 Byte [ 88 ]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] GDI32.dll!CreateDCA 77F1B249 3 Bytes JMP 007D1230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] GDI32.dll!CreateDCA + 4 77F1B24D 1 Byte [ 88 ]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 007D13C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] GDI32.dll!CreateDCW + 4 77F1BE8D 1 Byte [ 88 ]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] USER32.dll!EndTask 7E459E75 5 Bytes JMP 007D4C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] USER32.dll!mouse_event 7E466515 5 Bytes JMP 007D16D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] USER32.dll!keybd_event 7E466559 5 Bytes JMP 007D1550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 007D4960 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[556] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 007D4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\winlogon.exe[720] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[768] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[768] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[768] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[768] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[768] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[768] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\services.exe[768] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[768] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\lsass.exe[780] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[948] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[948] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1092] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1092] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1092] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1092] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1092] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1092] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1092] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1192] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1192] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1192] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1192] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1192] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1192] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1192] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1192] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1192] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1192] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1192] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1232] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1232] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1232] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1232] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1232] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1232] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1364] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1364] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1364] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1364] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1364] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1364] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1364] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1364] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1364] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1396] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1396] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1396] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1396] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1396] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1396] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\explorer.exe[1396] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1396] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1396] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1396] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1396] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[1396] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00D3000A
.text C:\WINDOWS\explorer.exe[1396] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D5000A
.text C:\WINDOWS\explorer.exe[1396] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00D4000A
.text C:\WINDOWS\System32\alg.exe[1540] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1540] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1540] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1540] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1540] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1540] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1540] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1540] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1540] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\alg.exe[1540] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1540] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003C5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003C4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003C1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 003C1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 003C13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 4A, 88 ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] USER32.dll!EndTask 7E459E75 5 Bytes JMP 003C4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003C16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] USER32.dll!keybd_event 7E466559 5 Bytes JMP 003C1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003C4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1564] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 003C4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1672] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1672] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1672] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1672] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1672] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1672] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1672] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1752] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1752] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1752] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1752] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1752] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1752] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Messenger\msmsgs.exe[1752] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1752] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1752] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1752] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[1752] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1812] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1812] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1812] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1812] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1812] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1812] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1812] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1812] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1812] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1812] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1812] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1828] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1828] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1828] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1828] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1828] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1828] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1828] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1828] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1828] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1828] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1828] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1852] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1852] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1852] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1852] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1852] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1852] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1852] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1852] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1852] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1852] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[1852] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1876] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1876] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1876] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1876] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1876] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1876] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1876] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1876] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1876] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1876] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1876] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2044] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2044] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2044] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2044] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2044] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2044] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2044] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2044] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2044] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\igfxpers.exe[2044] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2044] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[2276] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00AB5060 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[2276] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00AB4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[2276] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00AB1860 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[2276] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 00AB1230 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[2276] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 00AB13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[2276] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ B9, 88 ]
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[2276] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00AB4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[2276] USER32.dll!mouse_event 7E466515 5 Bytes JMP 00AB16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[2276] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00AB1550 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[2276] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00AB4960 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[2276] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00AB4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\joey\jake.exe[2404] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00AB5060 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\joey\jake.exe[2404] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00AB4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\joey\jake.exe[2404] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00AB1860 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\joey\jake.exe[2404] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 00AB1230 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\joey\jake.exe[2404] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 00AB13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\joey\jake.exe[2404] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ B9, 88 ]
.text C:\Documents and Settings\user\Desktop\joey\jake.exe[2404] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00AB4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\joey\jake.exe[2404] USER32.dll!mouse_event 7E466515 5 Bytes JMP 00AB16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\joey\jake.exe[2404] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00AB1550 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\joey\jake.exe[2404] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00AB4960 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\joey\jake.exe[2404] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00AB4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3132] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00AB5060 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3132] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00AB4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3132] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00AB1860 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3132] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 00AB1230 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3132] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 00AB13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3132] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ B9, 88 ]
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3132] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00AB4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3132] USER32.dll!mouse_event 7E466515 5 Bytes JMP 00AB16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3132] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00AB1550 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3132] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00AB4960 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3132] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00AB4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe[3144] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003D5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe[3144] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003D4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe[3144] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003D1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe[3144] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 003D1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe[3144] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 003D13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe[3144] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 4B, 88 ]
.text C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe[3144] USER32.dll!EndTask 7E459E75 5 Bytes JMP 003D4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe[3144] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003D16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe[3144] USER32.dll!keybd_event 7E466559 5 Bytes JMP 003D1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe[3144] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003D4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe[3144] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 003D4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3216] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00AB5060 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3216] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00AB4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3216] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00AB1860 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3216] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 00AB1230 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3216] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 00AB13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3216] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ B9, 88 ]
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3216] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00AB4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3216] USER32.dll!mouse_event 7E466515 5 Bytes JMP 00AB16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3216] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00AB1550 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3216] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00AB4960 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3216] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00AB4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3576] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00AB5060 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3576] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00AB4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3576] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00AB1860 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3576] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 00AB1230 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3576] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 00AB13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3576] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ B9, 88 ]
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3576] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00AB4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3576] USER32.dll!mouse_event 7E466515 5 Bytes JMP 00AB16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3576] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00AB1550 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3576] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00AB4960 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3576] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00AB4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3732] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00AB5060 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3732] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00AB4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3732] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00AB1860 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3732] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 00AB1230 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3732] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 00AB13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3732] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ B9, 88 ]
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3732] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00AB4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3732] USER32.dll!mouse_event 7E466515 5 Bytes JMP 00AB16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3732] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00AB1550 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3732] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00AB4960 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[3732] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00AB4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3832] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00CB5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3832] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00CB4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3832] user32.dll!EndTask 7E459E75 5 Bytes JMP 00CB4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3832] user32.dll!mouse_event 7E466515 5 Bytes JMP 00CB16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3832] user32.dll!keybd_event 7E466559 5 Bytes JMP 00CB1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3832] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00CB1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3832] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 00CB1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3832] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 00CB13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3832] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ D9, 88 ]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3832] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00CB4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[3832] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00CB4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3920] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3920] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3920] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3920] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3920] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3920] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3920] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3920] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\ctfmon.exe[3920] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3920] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F8370710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8370770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F8370990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8370950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8370950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8370770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F8370710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F8370990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F8370990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F8370950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F8370770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F8370710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8370950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F8370710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8370770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F8370990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F8370710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8370770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8370950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F8370990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8370950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8370770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F8370710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8370950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F8370990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F8370710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8370770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs AA08B400

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\TDSSmplt.sys (*** hidden *** ) AAEDA000-AAEEC000 (73728 bytes)

---- Threads - GMER 1.0.14 ----

Thread 4:396 AAEDCD66

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\TDSSmplt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmplt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmplt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoity.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSmtve.dat
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSarxx.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvoql.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSnvuv.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSdxcp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSxhyf.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkai.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmplt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmplt.sys
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoity.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSmtve.dat
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSarxx.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvoql.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSnvuv.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSdxcp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSxhyf.log
Reg HKLM\SYSTEM\ControlSet002\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkai.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmplt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmplt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoity.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSmtve.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSarxx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvoql.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSnvuv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSdxcp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSxhyf.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkai.log
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@affid 5
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@subid 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@control 0x09 0x19 0x1F 0x16 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@prov 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@googleadserver pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssData@flagged 1

---- EOF - GMER 1.0.14 ----

#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:07 AM

Posted 18 November 2008 - 10:52 PM

Yes you have a rootkit present.
One or more of the identified infections is a backdoor threat.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
=============================
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#8 joeyk_1415

joeyk_1415
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:03:07 AM

Posted 18 November 2008 - 11:16 PM

Combofix log:
ComboFix 08-11-18.03 - trucking 2008-11-18 22:04:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.213 [GMT -6:00]

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\TDSSmplt.sys
c:\windows\system32\TDSSarxx.dll
c:\windows\system32\TDSSdxcp.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnvuv.dll
c:\windows\system32\TDSSoity.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvoql.dll
c:\windows\system32\TDSSxhyf.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-18 20:19 . 2008-11-18 20:19 <DIR> d-------- C:\rsit
2008-11-18 20:14 . 2008-11-18 20:14 <DIR> d-------- c:\documents and settings\Trucking1\Application Data\Comodo
2008-11-18 20:14 . 2008-11-18 20:14 <DIR> d-------- c:\documents and settings\Trucking1
2008-11-18 19:12 . 2008-11-18 19:12 <DIR> d-------- c:\program files\COMODO
2008-11-18 19:12 . 2008-11-18 19:12 <DIR> d-------- c:\documents and settings\user\Application Data\Comodo
2008-11-18 19:12 . 2008-11-18 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2008-11-18 19:12 . 2008-11-18 19:12 143,104 --a------ c:\windows\system32\guard32.dll
2008-11-18 19:12 . 2008-11-18 19:12 87,056 --a------ c:\windows\system32\drivers\cmdguard.sys
2008-11-18 19:12 . 2008-11-18 19:12 24,208 --a------ c:\windows\system32\drivers\cmdhlp.sys
2008-11-18 19:08 . 2008-11-18 19:08 0 --a------ c:\windows\nsreg.dat
2008-11-18 19:05 . 2008-11-18 19:05 <DIR> d-------- c:\program files\mozilla.org
2008-11-18 18:22 . 2008-11-18 18:22 <DIR> d-------- c:\program files\CCleaner
2008-11-17 23:33 . 2008-11-17 23:33 <DIR> d-------- c:\program files\Trend Micro
2008-11-17 23:29 . 2008-11-17 23:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-17 23:28 . 2008-11-17 23:29 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-17 23:28 . 2008-11-17 23:28 <DIR> d-------- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2008-11-17 23:22 . 2008-11-17 23:51 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-17 22:16 . 2008-11-17 22:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-17 22:16 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-17 22:16 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-17 21:51 . 2008-11-17 21:51 <DIR> d-------- c:\program files\Lavasoft
2008-11-17 21:51 . 2008-11-17 21:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-17 21:50 . 2008-11-17 23:28 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-17 21:04 . 2008-11-17 21:05 108 --a------ C:\index.ini
2008-11-17 17:47 . 2008-11-17 17:47 <DIR> d-------- c:\windows\cache
2008-11-17 17:01 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2008-11-17 17:00 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2008-11-17 16:59 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2008-11-17 16:58 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2008-11-17 16:57 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2008-11-17 16:56 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2008-11-17 16:55 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2008-11-17 16:54 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2008-11-17 16:50 . 2008-04-13 13:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-11-17 16:38 . 2008-11-17 20:37 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-17 16:38 . 2008-11-18 18:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-17 16:17 . 2008-11-17 16:17 <DIR> d-------- c:\program files\IObit
2008-11-17 16:17 . 2008-11-17 16:17 <DIR> d-------- c:\documents and settings\user\Application Data\IObit
2008-11-14 10:02 . 2008-11-14 10:02 <DIR> d-------- c:\program files\Windows Defender
2008-11-04 17:16 . 2008-11-04 17:16 <DIR> d-------- c:\program files\The Weather Channel FW
2008-11-04 06:56 . 2006-10-30 15:51 1,060,864 --a------ c:\windows\system32\mfc71.dll
2008-10-31 07:20 . 2008-10-31 07:20 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2008-10-31 07:20 . 2008-10-31 07:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 22:28 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-14 13:20 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-31 13:10 --------- d-----w c:\program files\ThinkVantage
2008-10-31 12:58 --------- d-----w c:\program files\Google
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-09 21:58 61,440 ----a-w c:\windows\wnUninstall.exe
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-25 18:50 10,520 ----a-w c:\windows\system32\avgrsstx.dll
.

------- Sigcheck -------

2004-08-03 23:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\ServicePackFiles\i386\termsrv.dll
2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\termsrv.dll
2004-08-03 23:56 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\system32\termsrv.dll
2008-04-13 18:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\system32\dllcache\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2008-11-15 2235920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-09-30 1234712]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-18 1655552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
KAKE First Alert.lnk - c:\program files\Common Files\KAKE First Alert\TrueWeather.exe [2007-08-17 5786112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
--a------ 2008-10-06 09:41 793712 c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-08-19 23:34 1576176 c:\program files\SUPERAntiSpyware\gogo.exe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\KAKE First Alert\\TrueWeather.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-08-25 97928]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-18 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-18 24208]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-25 231704]
R2 DriverX;DriverX;c:\windows\system32\drivers\DriverX.sys [2001-06-11 52512]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-17 38496]
S4 hpt3xx;hpt3xx; []
.
Contents of the 'Scheduled Tasks' folder

2008-11-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
Notify-dimsntfy - (no file)



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 22:09:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-11-18 22:12:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-19 04:12:27

Pre-Run: 146,073,075,712 bytes free
Post-Run: 146,003,578,880 bytes free

185 --- E O F --- 2008-11-18 09:01:15


Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:10 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: KAKE First Alert.lnk = C:\Program Files\Common Files\KAKE First Alert\TrueWeather.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162300525359
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 4982 bytes

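Reading the GMER scan in the earlier post and the ComboFix log above side by side is the check a responder wants at this point: did the cleanup remove every file the hidden service's registry key pointed at? The script below is an added example written for this thread (it is not a BleepingComputer, GMER or ComboFix tool). It pulls three things out of the GMER text: the items GMER flagged as hidden, every path under the service key's imagepath and modules values, and the IAT hooks grouped by the driver that placed them. It then parses ComboFix's "Other Deletions" section and reports any referenced file that was not deleted. The embedded log text is a trimmed copy of the logs posted in this thread; the Start/Type decoding uses the standard meanings of those service-key DWORDs.

```python
import re
from collections import defaultdict

# Trimmed copies of the GMER scan and ComboFix log posted earlier in this thread.
GMER_EXCERPT = r"""
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8370770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8370950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
Module \systemroot\system32\drivers\TDSSmplt.sys (*** hidden *** ) AAEDA000-AAEEC000 (73728 bytes)
Service C:\WINDOWS\system32\drivers\TDSSmplt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmplt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmplt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoity.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSmtve.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSarxx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvoql.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSnvuv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSdxcp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSxhyf.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkai.log
"""
COMBOFIX_EXCERPT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\drivers\TDSSmplt.sys
c:\windows\system32\TDSSarxx.dll
c:\windows\system32\TDSSdxcp.dll
c:\windows\system32\TDSSkkai.log
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSnvuv.dll
c:\windows\system32\TDSSoity.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSvoql.dll
c:\windows\system32\TDSSxhyf.log
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
"""

HIDDEN_RE = re.compile(r"^(Module|Service)\s+(\S+)\s+\(\*\*\* hidden \*\*\* \)")
REG_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\(\w+)\\Services\\([^\\@\s]+)(\\modules)?@(\w+)\s+(.+)$")
IAT_RE = re.compile(r"^IAT\s+([^\[\s]+)\[([^\]]+)\]\s+\[[0-9A-Fa-f]+\]\s+(\S+)\s+\((.*)\)$")
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")          # ComboFix section banner
WIN_PATH_RE = re.compile(r"^[a-z]:\\", re.I)
START_NAMES = {"0": "BOOT_START", "1": "SYSTEM_START", "2": "AUTO_START", "3": "DEMAND_START", "4": "DISABLED"}
TYPE_NAMES = {"1": "KERNEL_DRIVER", "2": "FILE_SYSTEM_DRIVER", "16": "WIN32_OWN_PROCESS", "32": "WIN32_SHARE_PROCESS"}


def norm(path):
    """GMER writes \\systemroot\\..., ComboFix c:\\windows\\...; compare relative to the Windows dir."""
    p = path.lower()
    for prefix in ("\\??\\", "\\systemroot\\", "c:\\windows\\"):
        if p.startswith(prefix):
            p = p[len(prefix):]
    return p


def parse_gmer(text):
    hidden, hooks = set(), defaultdict(set)
    services = defaultdict(lambda: {"values": {}, "files": set()})
    for line in text.splitlines():
        line = line.strip()
        if m := HIDDEN_RE.match(line):
            hidden.add(norm(m.group(2)))            # what GMER's cross-view scan found concealed
        elif m := REG_RE.match(line):
            _hive, svc, in_modules, name, value = m.groups()
            if in_modules or name.lower() == "imagepath":
                services[svc]["files"].add(norm(value))   # every component the service key points at
            if not in_modules:
                services[svc]["values"][name.lower()] = value
        elif m := IAT_RE.match(line):
            _victim, imp, hooker, desc = m.groups()
            hooks[(hooker, desc)].add(imp)          # group hooks by the driver that placed them
    return hidden, dict(services), dict(hooks)


def combofix_deletions(text):
    """Paths listed under ComboFix's 'Other Deletions' banner, normalized."""
    deleted, in_section = set(), False
    for line in text.splitlines():
        line = line.strip()
        if m := BANNER_RE.match(line):
            in_section = m.group(1) == "Other Deletions"
        elif in_section and WIN_PATH_RE.match(line):
            deleted.add(norm(line))
    return deleted


def triage(gmer_text, combofix_text):
    hidden, services, hooks = parse_gmer(gmer_text)
    deleted = combofix_deletions(combofix_text)
    report = {"hidden": sorted(hidden), "services": {},
              "hooks": {h: {"described_as": d, "imports": sorted(i)} for (h, d), i in hooks.items()}}
    for svc, e in services.items():
        v = e["values"]
        report["services"][svc] = {
            "start": START_NAMES.get(v.get("start"), v.get("start")),
            "type": TYPE_NAMES.get(v.get("type"), v.get("type")),
            "image_is_hidden": norm(v.get("imagepath", "")) in hidden,
            "referenced_files": sorted(e["files"]),
            "not_deleted": sorted(e["files"] - deleted),   # anything the cleanup missed
        }
    return report
```

On this thread's logs the report comes out clean: TDSSserv.sys is a kernel driver set to SYSTEM_START whose image path is the module GMER found hidden, the service key references eleven files, and all eleven are in ComboFix's deletion list. The hook grouping is the caveat worth keeping in mind when reading GMER output: every IAT entry in the scan is attributed to inspect.sys, which GMER itself labels as the COMODO firewall driver installed the same day, so those lines are expected instrumentation, while the hidden module plus a service key pointing to it is the actual finding.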
#9 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:07 AM

Posted 19 November 2008 - 07:15 AM

Looks much better.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
========
After that, post that log and a new HijackThis log and let me know how things are running.



