Re-infected :(.


  • This topic is locked
20 replies to this topic

#1 killaessien

killaessien

  • Members
  • 38 posts

Posted 02 January 2009 - 11:48 PM

I recently had an issue with Antivirus 2009 and I believe my sister may have reinfected the system.
Here's an HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:19, on 1/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE
C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Malwarebytes' Anti-Malwares\mbam.exe
C:\Program Files\Safari\Safari.exe
C:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {3fe96488-9c61-43ab-80d4-eff8a93e2ec0} - {0ce2e39a-8ffe-4d08-ba34-16c988469ef3} - C:\WINDOWS\system32\jcheme.dll
O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {615E2536-3E60-4E08-9987-3CDA01761110} - C:\WINDOWS\system32\qomKETKa.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Valve\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: CPQ1400P.lnk = C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE
O4 - Global Startup: eFax DllCmd 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 4.0.lnk = C:\Program Files\eFax Messenger 4.0\J2GTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} (Nps Control) - http://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://gameadvisor.futuremark.com/global/msc3121.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll jcheme.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Nexon\Mabinogi\npkcmsvc.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 14799 bytes
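The following Python script is an added example and not something posted in this thread or shipped with HijackThis; it shows the kind of triage a log reviewer does by hand on the entries above: unnamed or GUID-named BHOs loading from system32, dangling "(file missing)" registrations, Run values that are bare file names or whose value name mimics another executable, AppInit_DLLs entries without a full path, unresolved service paths, and the same DLL name turning up in more than one load point. The sample lines are copied from the log in this post; the flagging rules are the example's own assumptions about what merits a closer look, not a verdict on any file.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entry lines copied from the HijackThis log in this post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {3fe96488-9c61-43ab-80d4-eff8a93e2ec0} - {0ce2e39a-8ffe-4d08-ba34-16c988469ef3} - C:\WINDOWS\system32\jcheme.dll
O2 - BHO: (no name) - {615E2536-3E60-4E08-9987-3CDA01761110} - C:\WINDOWS\system32\qomKETKa.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll jcheme.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<val>[^\]]*)\] (?P<cmd>.*)$")
MISSING = " (file missing)"


def parse(log_text):
    """Yield (section, body) for each HijackThis entry line; headers and process lists are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")


def basename(path):
    """Lower-cased file name of a Windows path (or of a bare file name)."""
    return path.replace(MISSING, "").strip().split("\\")[-1].lower()


def first_exe(cmd):
    """Executable part of a Run command line, handling the quoted and unquoted forms."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]  # unquoted paths containing spaces are cut at the first space


def triage(log_text):
    """Return a list of (section, reason, entry_body) findings for the patterns described above."""
    findings = []
    load_points = defaultdict(set)  # file name -> sections that reference it
    for sec, body in parse(log_text):
        if sec == "O2" and body.startswith("BHO: "):
            # O2 - BHO: <display name> - <CLSID> - <dll path>[ (file missing)]
            parts = body[5:].split(" - ")
            if len(parts) < 3:
                continue
            name, path = parts[0], " - ".join(parts[2:])
            load_points[basename(path)].add(sec)
            if path.endswith(MISSING):
                findings.append((sec, "BHO registration whose DLL is gone; stale entry left behind", body))
            elif (GUID_RE.match(name) or name == "(no name)") and "\\system32\\" in path.lower():
                findings.append((sec, "BHO with no readable name loading from system32", body))
        elif sec == "O4":
            # O4 - <hive>\..\Run: [<value name>] <command>[ (User '<account>')]
            m = RUN_RE.match(body)
            if not m:
                continue  # Startup-folder entries (O4 - Startup:) are not handled here
            cmd = re.sub(r" \(User '[^']*'\)$", "", m.group("cmd"))
            exe = first_exe(cmd)
            load_points[basename(exe)].add(sec)
            if "\\" not in exe:
                findings.append((sec, "Run value is a bare file name, resolved through the search path rather than a fixed location", body))
            val = m.group("val").lower()
            if val.endswith(".exe") and val != basename(exe):
                findings.append((sec, f"value name '{val}' mimics a different executable than the one it runs", body))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is loaded into each process that loads user32.dll
            for token in body[len("AppInit_DLLs:"):].split():
                load_points[basename(token)].add(sec)
                if not ABS_PATH_RE.match(token):
                    findings.append((sec, "AppInit_DLLs entry without a full path: " + token, body))
        elif sec == "O23" and body.endswith(MISSING):
            # 'C:\Program.exe (file missing)' is typically an unquoted ImagePath containing spaces, not malware
            findings.append((sec, "service binary could not be resolved; check whether the ImagePath is unquoted", body))
    # A file name referenced from more than one load point deserves a closer look
    for name, secs in load_points.items():
        if len(secs) > 1:
            findings.append(("X", f"{name} is referenced from several load points: {', '.join(sorted(secs))}", ""))
    return findings


if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}\n      {body}")
```

Run against the sample it reports seven findings, and the benign Yahoo!, AVG and ctfmon entries pass untouched; the cross-reference at the end is what ties the nameless BHO to the AppInit_DLLs entry.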


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 13 January 2009 - 03:29 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Download and Run DDS
If you already have a copy of DDS, there is no need to download a new one.

Download DDS by sUBs from any of the links below:
DDS.com, DDS.scr, DDS.pif

Double click its icon to run it. If you are using Windows Vista, right click it and select "Run as Administrator".
When the scan is finished, two logs will open.
Post DDS.txt directly into your reply. Attach Attach.txt.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. If you are using Windows Vista, right click the icon and select "Run as Administrator". Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
Please tell me what changes have been made to the computer since your topic was started. Also give me an update on any symptoms.

With Regards,
The Panda

#3 killaessien

killaessien
  • Topic Starter

  • Members
  • 38 posts

Posted 14 January 2009 - 10:33 PM

Hey Panda, thanks for taking up my topic. Since my first post I believe there are new problems sprouting up, such as: the computer's automatic shutdown prompt initiates when I leave my computer on without a connection to the computer, and I receive an error message. Also I receive a constant pop-up from isptest or some website.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/11/2005 9:44:57 PM
System Uptime: 1/14/2009 5:41:38 PM (5 hours ago)

Motherboard: | |
Processor: Intel® Celeron® CPU 2.93GHz | J2E1 | 2933/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 7.607 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM ()
K: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0001
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0001
Service: hamachi

==== System Restore Points ===================

RP1: 1/2/2009 10:08:43 PM - System Checkpoint
RP2: 1/2/2009 10:08:44 PM - System Checkpoint
RP3: 1/2/2009 10:08:45 PM - Removed Kaspersky Anti-Virus 7.0.
RP4: 1/2/2009 10:08:46 PM - System Checkpoint
RP5: 1/2/2009 10:08:47 PM - Avg8 Update
RP6: 1/2/2009 10:08:48 PM - System Checkpoint
RP7: 1/2/2009 10:08:48 PM - System Checkpoint
RP8: 1/2/2009 10:08:49 PM - System Checkpoint
RP9: 1/2/2009 10:08:50 PM - System Checkpoint
RP10: 1/2/2009 10:08:50 PM - System Checkpoint
RP11: 1/2/2009 10:08:51 PM - System Checkpoint
RP12: 1/2/2009 10:08:51 PM - System Checkpoint
RP13: 1/2/2009 10:08:52 PM - System Checkpoint
RP14: 1/2/2009 10:08:53 PM - System Checkpoint
RP15: 1/2/2009 10:08:54 PM - Software Distribution Service 3.0
RP16: 1/2/2009 10:08:56 PM - Avg8 Update
RP17: 1/2/2009 10:08:56 PM - System Checkpoint
RP18: 1/2/2009 10:08:57 PM - System Checkpoint
RP19: 1/2/2009 10:08:58 PM - Installed Microsoft Office Professional 2007
RP20: 1/2/2009 10:08:58 PM - Installed Microsoft Office Professional 2007 Trial
RP21: 1/2/2009 10:09:00 PM - Installed Microsoft Office Home and Student 2007 Trial
RP22: 1/2/2009 10:09:01 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP23: 1/2/2009 10:09:01 PM - Software Distribution Service 3.0
RP24: 1/2/2009 10:09:02 PM - Software Distribution Service 3.0
RP25: 1/2/2009 10:09:09 PM - Software Distribution Service 3.0
RP26: 1/2/2009 10:09:09 PM - Software Distribution Service 3.0
RP27: 1/2/2009 10:09:10 PM - System Checkpoint
RP28: 1/2/2009 10:09:11 PM - System Checkpoint
RP29: 1/2/2009 10:09:11 PM - System Checkpoint
RP30: 1/2/2009 10:09:12 PM - System Checkpoint
RP31: 1/2/2009 10:09:13 PM - System Checkpoint
RP32: 1/2/2009 10:09:14 PM - System Checkpoint
RP33: 1/2/2009 10:09:15 PM - System Checkpoint
RP34: 1/2/2009 10:09:16 PM - System Checkpoint
RP35: 1/2/2009 10:09:16 PM - System Checkpoint
RP36: 1/2/2009 10:09:17 PM - System Checkpoint
RP37: 1/2/2009 10:09:17 PM - System Checkpoint
RP38: 1/2/2009 10:09:19 PM - System Checkpoint
RP39: 1/2/2009 10:09:21 PM - Shockwave Player
RP40: 1/2/2009 10:09:21 PM - Shockwave Player
RP41: 1/10/2009 8:47:35 PM - System Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.57
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 7.0
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advertisement Service
AGEIA PhysX v7.09.13
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar 2.0
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Audacity 1.2.6
AudibleManager
AutoUpdate
AVG Free 8.0
BannedStory
BannedStory 3.0
BigFix
BitTorrent 5.0.9
Bonjour
CABAL Online
Call of Duty Game of the Year Edition
CC_ccStart
CCleaner (remove only)
Collab
Comcast High-Speed Internet Install Wizard
COMODO Internet Security
COMODO SafeSurf
Compaq 1400P Inkjet Printer
Creative System Information
Creative ZEN
Crossword Weaver 8.0
DAEMON Tools Toolbar
Daemons Ring Gunz Full Client 16th July 2008
Desktop Doctor
Digital Media Reader
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DNA
ebgcInfra
ebgcRes
ebgcSDK
EclipseCrossword
eFax Messenger 4.0
eMule
EVGA Display Driver
FL Studio 8
Form Fill (Windows Live Toolbar)
Fraps
free-downloads.net Toolbar
Futuremark Measurement Services Client
GAMENAO - GunZ
GameSpy Arcade
GameTap
GDR 3073 for SQL Server Database Services 2005 ENU (KB954606)
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life® 2
Hamachi 1.0.2.5
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
ijji
ijji Auto Installer
ijji FireFox Launcher 1.0
IL Download Manager
Image Resizer Powertoy for Windows XP
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2
Jojo's Fashion Show (remove only)
Learn2 Player (Uninstall Only)
Lexmark 7300 Series
LimeWire 4.18.8
LiveUpdate 1.90 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Harmony Remote Software 7
Logitech SetPoint
MAIET entertainment - Gunz
Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover 1.22
Map Button (Windows Live Toolbar)
MapleStory
Micrografx Instant 3D 1.2
Micrografx PhotoMagic 6
Micrografx Windows Draw 6
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher 2007
Microsoft Office Publisher 2007 Trial
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Project 98
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition - ENU
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Works
Mobipocket Reader 6.1
Mozilla Firefox (3.0.5)
Mp3tag v2.41
MPlugin
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MySQL Server 5.0
MySQL Tools for 5.0
NetZero Internet
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NSIS MapleNAO
OneCare Advisor (Windows Live Toolbar)
OPERATION7
Outspark Launcher
Pack Vista Inspirat 2 1.0
PDF-XChange 3.5
PDF Settings
Peachtree Complete Accounting 2005
PoiZone
Popup Blocker (Windows Live Toolbar)
PowerDVD
PSP Video 9 2.25
Pure Networks Port Magic
QuickTime
RBO Extra Scenario Vol.3
RealPlayer Basic
Remote Control USB Driver
Rhapsody Player Engine
RivaTuner v2.10
Rumble Fighter
S4 League
Safari
Sally's Salon (remove only)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Smart Menus (Windows Live Toolbar)
SoftV92 Data Fax Modem with SmartCP
Soldat 1.4.2
Sony Vegas Pro 8.0
SoundMAX
Spadester
SPORE™
Spybot - Search & Destroy 1.4
Stamps.com
Steam™
StepMania (remove only)
SUPERAntiSpyware Free Edition
SymNet
System Requirements Lab
Tabbed Browsing (Windows Live Toolbar)
THE GAME OF LIFE - Path to Success
Thoosje Sidebar V2.3
Timeline Maker Professional 2.0
Toxic Biohazard
Ulead Photo Express 4.0 My Custom Edition
Unreal Anthology
Update for Office 2007 (KB946691)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Ventrilo Client
VeohTV BETA
Viewpoint Media Player
WebFldrs XP
WinAce Archiver
Winamp
Winamp Remote
Winamp Toolbar for Firefox
Winamp Toolbar for Internet Explorer
Windows Backup Utility
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinRAR archiver
WinZip 11.1
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
ZENcast Organizer
Zuma Deluxe 1.0

==== Event Viewer Messages From Past Week ========

1/8/2009 6:35:31 PM, error: Service Control Manager [7000] - The npkcrypt service failed to start due to the following error: The system cannot find the path specified.
1/8/2009 6:35:31 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
1/8/2009 6:35:30 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/8/2009 6:31:20 PM, error: System Error [1003] - Error code 0000009c, parameter1 00000000, parameter2 8054e0f0, parameter3 a2000000, parameter4 84010400.
1/8/2009 5:08:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/8/2009 5:04:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cmdGuard Fips intelppm oreans32 SASDIFSV SASKUTIL
1/8/2009 7:21:59 AM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 000CF1F27D76 has been denied by the DHCP server 68.87.74.32 (The DHCP Server sent a DHCPNACK message).
1/8/2009 7:21:30 AM, error: Dhcp [1002] - The IP address lease 71.56.24.253 for the Network Card with network address 000CF1F27D76 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
1/7/2009 5:37:27 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/7/2009 5:37:27 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/7/2009 12:00:12 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/7/2009 12:00:06 PM, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
1/8/2009 8:04:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/10/2009 10:20:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
1/14/2009 7:39:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde

==== End Of File ===========================


DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 22:28:29.31 on Wed 01/14/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.445 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Safari\Safari.exe
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Saf38.tmp\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Windows Internet Explorer provided by Comcast
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\nzsearch\SearchEnh1.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: {3fe96488-9c61-43ab-80d4-eff8a93e2ec0}: {0ce2e39a-8ffe-4d08-ba34-16c988469ef3} - c:\windows\system32\jcheme.dll
BHO: Popup-Blocker Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: {615e2536-3e60-4e08-9987-3cda01761110} - c:\windows\system32\qomKETKa.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
uRun: [spc_w] "c:\program files\nzsearch\nzspc.exe" -w
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [Steam] "c:\program files\valve\steam\Steam.exe" -silent
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [LXCICATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCItime.dll,_RunDLLEntry@16
mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"
mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
dRun: [msiexec.exe] msiconf.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\transbar.lnk - c:\windows\bricopacks\vista inspirat 2\transbar\TransBar.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\ubericon.lnk - c:\windows\bricopacks\vista inspirat 2\ubericon\UberIcon Manager.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\y'zsha~1.lnk - c:\windows\bricopacks\vista inspirat 2\yzshadow\YzShadow.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cpq1400p.lnk - c:\program files\compaq 1400p inkjet printer\CPQ1400P.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efaxdl~1.lnk - c:\program files\efax messenger 4.0\J2GDllCmd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efaxtr~1.lnk - c:\program files\efax messenger 4.0\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: &Search
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\docume~1\owner\locals~1\temp\ntdll64.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\cssdll32.dll jcheme.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\qomKETKa

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\qplfiwat.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\qplfiwat.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-10 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-10 26824]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-11-27 99216]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-11-27 31504]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2008-10-26 33824]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-10 231704]
R4 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2008-11-27 618232]
R4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-8-5 29184016]
S3 XDva009;XDva009;\??\c:\windows\system32\xdva009.sys --> c:\windows\system32\XDva009.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva119;XDva119;\??\c:\windows\system32\xdva119.sys --> c:\windows\system32\XDva119.sys [?]
S3 XDva120;XDva120;\??\c:\windows\system32\xdva120.sys --> c:\windows\system32\XDva120.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\xdva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\xdva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva201;XDva201;\??\c:\windows\system32\xdva201.sys --> c:\windows\system32\XDva201.sys [?]
S3 XDva212;XDva212;\??\c:\windows\system32\xdva212.sys --> c:\windows\system32\XDva212.sys [?]

=============== Created Last 30 ================

2009-01-14 22:17 250 a------- c:\windows\gmer.ini
2009-01-12 13:45 491 a------- c:\windows\system32\win32hlp.cnf
2009-01-12 13:45 111,616 ac------ c:\windows\system32\dllcache\userinit.exe
2009-01-12 13:44 1 a------- c:\windows\system32\uniq.tll
2009-01-12 13:44 1 a------- c:\windows\system32\test.ttt
2009-01-10 21:03 <DIR> --d----- C:\Netgame
2009-01-10 20:47 78,784 a------- c:\windows\system32\ISUSPM.cpl
2009-01-09 22:27 13,056 a------- c:\windows\system32\drivers\L8042Kbd.SYS
2009-01-09 22:26 36,480 a------- c:\windows\system32\drivers\LHidUsbK.sys
2009-01-09 22:26 1,047,552 a------- c:\windows\system32\MFC71u.dll
2009-01-09 22:26 49,152 a------- c:\windows\KHALMNPR.Exe
2009-01-09 22:26 24,704 a------- c:\windows\system32\drivers\LHidKE.Sys
2009-01-09 19:39 68,992 a------- c:\windows\system32\drivers\LMouKE.Sys
2009-01-09 19:39 52,992 a------- c:\windows\system32\drivers\L8042MOU.SYS
2009-01-09 19:38 <DIR> --d----- c:\program files\common files\Logitech
2009-01-08 19:04 155,648 a------- c:\windows\system32\igfxres.dll
2009-01-08 16:56 <DIR> --d----- c:\windows\NV7401208.TMP
2009-01-08 16:48 <DIR> --d----- c:\windows\NV25201788.TMP
2009-01-03 12:29 <DIR> --d----- c:\program files\StepMania
2009-01-02 22:04 61,440 a------- c:\windows\system32\drivers\zaapobh.sys
2008-12-31 13:49 <DIR> --d----- c:\windows\system32\Adobe
2008-12-16 07:37 <DIR> --d----- c:\windows\system32\scripting
2008-12-16 07:37 <DIR> --d----- c:\windows\l2schemas
2008-12-16 07:37 <DIR> --d----- c:\windows\system32\en
2008-12-16 07:32 <DIR> --d----- c:\windows\network diagnostic
2008-12-16 03:01 <DIR> --d----- c:\windows\SQL9_KB954606_ENU

==================== Find3M ====================

2009-01-12 13:45 111,616 a------- c:\windows\system32\userinit.exe
2008-12-17 20:26 13,016 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2008-12-16 07:41 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-27 00:01 249,592 a------- c:\windows\system32\cssdll32.dll
2008-11-27 00:01 143,096 a------- c:\windows\system32\guard32.dll
2008-11-27 00:01 99,216 a------- c:\windows\system32\drivers\cmdguard.sys
2008-11-27 00:01 31,504 a------- c:\windows\system32\drivers\cmdhlp.sys
2008-11-19 20:28 74,336 a---h--- c:\windows\system32\mlfcache.dat
2008-11-10 20:35 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-20 21:15 848 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-10-20 21:15 88 ---shr-- c:\docume~1\alluse~1\applic~1\67A4EFC0B1.sys
2008-09-17 15:10 784 a------- c:\docume~1\owner\applic~1\mpauth.dat
2007-02-06 16:33 194,376 a------- c:\docume~1\owner\applic~1\shb.dat

============= FINISH: 22:30:28.00 ===============

Attached Files

  • gmer.txt (180.08KB)

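A triage script for the DDS "Pseudo HJT Report" above, added here as an example; it is not part of the thread and not part of the DDS tool. It applies a few rules a malware responder uses when reading such a log: an LSA Authentication Packages value beyond the XP default msv1_0, AppInit_DLLs entries (a bare file name flagged higher, since it is resolved through the DLL search order), a Winsock LSP or autostart entry under a Temp directory, Run values in the HKU\.DEFAULT hive, DisableTaskMgr set by policy, and a BHO registered without a friendly name. The sample lines are copied from the posted log (with two benign entries from it for contrast); the rule names, severities and the Finding type are the example's own choices.

```python
"""Triage helper for the DDS "Pseudo HJT Report" section: scores load-point lines
against a few persistence locations that legitimate software rarely uses.
Example code added by the editor; not part of the thread or of the DDS tool."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Sample input: lines copied from the DDS log posted above (two benign entries
# included for contrast), embedded here so the script runs offline.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
BHO: {615e2536-3e60-4e08-9987-3cda01761110} - c:\windows\system32\qomKETKa.dll
dRun: [msiexec.exe] msiconf.exe
dPolicies-system: DisableTaskMgr = 1 (0x1)
LSP: c:\docume~1\owner\locals~1\temp\ntdll64.dll
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\cssdll32.dll jcheme.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\qomKETKa
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
"""

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
BHO_RE = re.compile(r"(?:(?P<name>.*?): )?(?P<clsid>\{[0-9a-f-]{36}\}) - (?P<path>.*)$", re.I)
TEMP_RE = re.compile(r"\\temp\\", re.I)   # matches ...\Local Settings\Temp\ and \LOCALS~1\temp\


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    rule: str
    line: str
    note: str


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return findings for suspicious load points, highest severity first."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        key, sep, rest = line.partition(":")
        if not sep:
            continue
        key, rest = key.strip(), rest.strip()

        if key == "LSA" and rest.lower().startswith("authentication packages"):
            # lsass loads every listed package at boot; msv1_0 is the only XP default.
            for pkg in rest.split("=", 1)[1].split():
                if pkg.lower() != "msv1_0":
                    findings.append(Finding("high", "lsa_auth_package", line,
                        f"non-default LSA authentication package '{pkg}' loads into lsass.exe"))

        elif key == "AppInit_DLLs":
            # Every process that loads user32.dll also loads these; a bare file name
            # is resolved through the DLL search order rather than a fixed path.
            for dll in rest.split():
                if "\\" not in dll:
                    findings.append(Finding("high", "appinit_bare_name", line,
                        f"'{dll}' listed without a path"))
                else:
                    findings.append(Finding("medium", "appinit_dll", line,
                        f"'{dll}' injected into user32 processes; confirm the vendor"))

        elif key == "LSP" and TEMP_RE.search(rest):
            # A Winsock LSP that is missing or broken takes networking down for
            # every Winsock application on the host.
            findings.append(Finding("high", "lsp_in_temp", line,
                "Winsock LSP loaded from a Temp directory"))

        elif key == "dRun":
            # Run value in the HKU\.DEFAULT hive; legitimate installers rarely write here.
            target = rest.split("]", 1)[1].strip() if "]" in rest else rest
            note = "Run value in the .DEFAULT profile hive"
            if "\\" not in target:
                note += f"; target '{target}' has no path"
            findings.append(Finding("high", "default_user_run", line, note))

        elif key in ("uRun", "mRun") and TEMP_RE.search(rest):
            findings.append(Finding("high", "run_from_temp", line,
                "autostart entry launches from a Temp directory"))

        elif key.startswith("dPolicies") and "DisableTaskMgr" in rest and rest.endswith("(0x1)"):
            findings.append(Finding("medium", "taskmgr_disabled", line,
                "Task Manager disabled by policy, a common anti-removal measure"))

        elif key == "BHO":
            m = BHO_RE.match(rest)
            if m and (m.group("name") is None or GUID_RE.fullmatch(m.group("name"))):
                findings.append(Finding("medium", "bho_no_name", line,
                    f"BHO with no friendly name loads {m.group('path')} into Internet Explorer"))

    # Stable sort: high first, log order preserved within each tier.
    findings.sort(key=lambda f: 0 if f.severity == "high" else 1)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.strip().splitlines()):
        print(f"[{f.severity:6}] {f.rule:18} {f.note}\n         {f.line}")
```

Run it as-is to print the eight findings from the sample; for a real log, pass the report's lines to triage(). The output is a reading aid for a human responder, not a verdict: AppInit_DLLs entries that belong to legitimate security software still appear as medium, because that key is checked regardless of vendor, and the LSP rule only says where the provider DLL lives, not what it does.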

#4 PropagandaPanda (Malware Response Team)

Posted 15 January 2009 - 11:41 AM

Hello.

I see that you are running more than one antivirus program, Symantec and AVG. It is not recommended that you do so. In addition to wasting resources, the programs may detect virus signatures in the other and cause false positives. The different drivers used by the programs can cause crashes.

Please uninstall them until you are only running one antivirus using Add/Remove Programs.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

To disable AVG:
  • Please navigate to the system tray on the bottom right hand corner and look for the AVG icon.
  • Right click it-> select Quit Control Center.
  • A warning will pop up, click Yes
To disable Norton Antivirus:
  • Right click on the Norton icon beside your clock and select Disable Auto-Protect.
  • Select a disabled duration of 5 hours to ensure that it will not interfere with this fix.
  • Click OK to apply the settings.
When done properly, you should receive a pop-up warning saying that protection was disabled. The Norton icon will change to reflect this.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see a prompt. Choose YES.
  • When the Recovery Console has been installed, you will see another prompt. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
With Regards,
The Panda

#5 killaessien (Topic Starter)

Posted 16 January 2009 - 07:41 AM

Hey Panda, my computer was unable to connect to the internet for a bit until I used ComboFix. I continuously received an error every time I tried to access it, yet when I plugged the internet into my Xbox or any other device it worked perfectly fine.
Here is the Combofix log:
"Owner" - 2009-01-16 7:22:36 - ComboFix 07-07-22.4 - Service Pack 3 NTFS


((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))


2009-01-16 07:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2009-01-15 17:19 <DIR> d-------- C:\DOCUME~1\g\APPLIC~1\SUPERAntiSpyware.com
2009-01-15 16:35 <DIR> d-------- C:\DOCUME~1\g\APPLIC~1\Malwarebytes
2009-01-15 16:33 <DIR> d-------- C:\DOCUME~1\g\APPLIC~1\Ventrilo
2009-01-10 22:21 <DIR> d-------- C:\DOCUME~1\g\APPLIC~1\Logitech
2009-01-10 21:03 <DIR> d-------- C:\Netgame
2009-01-09 22:28 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Logitech
2009-01-09 22:27 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2009-01-09 22:26 49,152 --a------ C:\WINDOWS\KHALMNPR.Exe
2009-01-09 22:26 36,480 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2009-01-09 22:26 24,704 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2009-01-09 22:26 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2009-01-09 19:39 68,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2009-01-09 19:39 52,992 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2009-01-09 19:38 <DIR> d-------- C:\Program Files\Common Files\Logitech
2009-01-08 19:04 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2009-01-08 18:45 <DIR> d-------- C:\DOCUME~1\g\APPLIC~1\DivX
2009-01-08 16:56 <DIR> d-------- C:\WINDOWS\NV7401208.TMP
2009-01-08 16:48 <DIR> d-------- C:\WINDOWS\NV25201788.TMP
2009-01-03 12:29 <DIR> d-------- C:\Program Files\StepMania
2009-01-02 22:04 61,440 --a------ C:\WINDOWS\system32\drivers\zaapobh.sys
2008-12-16 16:06 <DIR> d-------- C:\WINDOWS\Prefetch
2008-12-16 07:37 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-12-16 07:37 <DIR> d-------- C:\WINDOWS\system32\en
2008-12-16 07:37 <DIR> d-------- C:\WINDOWS\l2schemas
2008-12-16 07:32 <DIR> d-------- C:\WINDOWS\network diagnostic
2008-12-16 03:01 <DIR> d-------- C:\WINDOWS\SQL9_KB954606_ENU


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-01-16 12:23:33 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\DNA
2009-01-16 12:15:34 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Xfire
2009-01-16 12:14:10 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Hamachi
2009-01-16 12:14:09 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\LimeWire
2009-01-16 12:13:26 -------- d-----w C:\Program Files\DNA
2009-01-15 21:25:24 -------- d-----w C:\Program Files\NetZero
2009-01-14 23:03:58 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2009-01-14 23:00:07 -------- d-----w C:\Program Files\Norton Security Scan
2009-01-12 18:45:12 111,616 ----a-w C:\WINDOWS\system32\userinit.exe
2009-01-11 01:47:41 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\InstallShield
2009-01-11 01:47:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-10 00:38:20 -------- d-----w C:\Program Files\Logitech
2009-01-10 00:34:31 -------- d-----w C:\Program Files\Lx_cats
2009-01-08 23:55:33 -------- d-----w C:\Program Files\LimeWire
2008-12-30 01:09:10 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2008-12-18 01:26:31 13,016 ----a-w C:\DOCUME~1\Owner\APPLIC~1\wklnhst.dat
2008-12-16 21:27:20 -------- d-----w C:\Program Files\MSN Messenger
2008-12-16 12:43:53 -------- d-----w C:\Program Files\Messenger
2008-12-16 12:37:51 -------- d-----w C:\Program Files\Movie Maker
2008-12-16 12:34:51 -------- d-----w C:\Program Files\Windows NT
2008-12-16 08:02:21 -------- d-----w C:\Program Files\Microsoft SQL Server
2008-12-15 23:28:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\GetRightToGo
2008-12-15 23:20:22 -------- d-----w C:\Program Files\Microsoft.NET
2008-11-28 18:33:18 -------- d-----w C:\Program Files\AskBarDis
2008-11-27 05:01:41 249,592 ----a-w C:\WINDOWS\system32\cssdll32.dll
2008-11-27 05:01:41 -------- d-----w C:\Program Files\COMODO
2008-11-27 05:01:08 143,096 ----a-w C:\WINDOWS\system32\guard32.dll
2008-11-27 05:01:07 99,216 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-11-27 05:01:07 31,504 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-11-27 03:37:43 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Malwarebytes
2008-11-21 21:28:55 -------- d-----w C:\Program Files\Daemons Ring Gunz
2008-11-20 01:28:59 74,336 ---ha-w C:\WINDOWS\system32\mlfcache.dat
2008-11-18 00:19:06 -------- d-----w C:\Program Files\trend micro
2008-11-11 01:35:00 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-11-08 16:40:29 96 ---ha-w C:\WINDOWS\system32\HsInfo.dat
2008-10-23 12:36:14 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-10-16 19:13:40 202,776 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-10-16 19:13:40 1,809,944 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-10-16 19:12:22 323,608 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-10-16 19:12:20 561,688 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-10-16 19:09:44 92,696 ----a-w C:\WINDOWS\system32\cdm.dll
2008-10-16 19:09:44 51,224 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-10-16 19:09:44 43,544 ----a-w C:\WINDOWS\system32\wups2.dll
2008-10-16 19:08:58 34,328 ----a-w C:\WINDOWS\system32\wups.dll
2008-10-16 19:06:48 268,648 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-10-16 19:06:48 208,744 ----a-w C:\WINDOWS\system32\muweb.dll
2008-09-17 20:10:10 784 ----a-w C:\DOCUME~1\Owner\APPLIC~1\mpauth.dat
2007-02-06 21:33:12 194,376 ----a-w C:\DOCUME~1\Owner\APPLIC~1\shb.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{615E2536-3E60-4E08-9987-3CDA01761110}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 15:51 1266992]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 06:51 691656]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 13:54 1555480]

[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CLASSES_ROOT\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 15:51 1266992]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 06:51 691656]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 13:54 1555480]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[-HKEY_CLASSES_ROOT\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 14:07]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 16:17]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 21:42]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 17:18]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-10-10 20:52]
"lxcimon.exe"="C:\Program Files\Lexmark 7300 Series\lxcimon.exe" [2005-09-30 09:47]
"EzPrint"="C:\Program Files\Lexmark 7300 Series\ezprint.exe" [2005-08-01 07:05]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 12:25]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 10:08]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 14:09]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 17:57]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-11-27 09:56]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-11-27 00:01]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2008-11-27 00:01]
"@"="" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2005-11-10 19:57]
"spc_w"="C:\Program Files\NZSearch\nzspc.exe" [2006-07-11 01:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-21 17:51]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-10-07 19:20]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-07 18:01]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 07:11]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-12-15 21:21]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 11:46]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 10:03]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 14:07]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msiexec.exe"=msiconf.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-04-30 16:26:04]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-09-18 13:50:21]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 14:41:18]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 02:43:08]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-08-12 17:08:52]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 02:43:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-08-09 18:55:52]
CPQ1400P.lnk - C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE [2005-10-06 15:03:28]
eFax DllCmd 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe [2005-09-27 11:22:05]
eFax Tray Menu 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GTray.exe [2005-09-27 11:22:05]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-02 20:33:32]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-01-09 22:26:40]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-09-12]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-09-12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll jcheme.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 C:\WINDOWS\system32\qomKETKa

avg8wd - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe - AVG Free8 WatchDog
avgldx86 - \SystemRoot\System32\Drivers\avgldx86.sys - AVG Free AVI Loader Driver x86
avgmfx86 - \SystemRoot\System32\Drivers\avgmfx86.sys - AVG Free On-access Scanner Minifilter Driver x86
cmdguard - COMODO Internet Security Sandbox Driver - System32\DRIVERS\cmdguard.sys
cmdhlp - COMODO Internet Security Helper Driver - System32\DRIVERS\cmdhlp.sys
dgivecp - \??\C:\WINDOWS\System32\Drivers\DgiVecp.sys - DgiVecp
inspect - COMODO Internet Security Firewall Driver - System32\DRIVERS\inspect.sys
mssql$mssmlbiz - "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ - SQL Server (MSSMLBIZ)
npkcmsvc - C:\Nexon\Mabinogi\npkcmsvc.exe - npkcmsvc
oreans32 - \??\C:\WINDOWS\system32\drivers\oreans32.sys - oreans32
psi_svc_2 - "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" - Protexis Licensing V2
sasdifsv - \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS - SASDIFSV
saskutil - \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys - SASKUTIL
sprtsvc_ddoctorv2 - "C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 - SupportSoft Sprocket Service (ddoctorv2)
sqlwriter - "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" - SQL Server VSS Writer
x4hsx32 - \??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys - X4HSX32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
napagent
hkmsvc


Contents of the 'Scheduled Tasks' folder
2009-01-01 20:39:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2009-01-16 11:55:00 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2005-04-12 01:44:53 C:\WINDOWS\tasks\ISP signup reminder 1.job
2005-04-12 01:44:54 C:\WINDOWS\tasks\ISP signup reminder 2.job
2005-04-12 01:44:54 C:\WINDOWS\tasks\ISP signup reminder 3.job
2009-01-16 12:12:42 C:\WINDOWS\tasks\jphvhhse.job
2009-01-14 23:27:26 C:\WINDOWS\tasks\Norton Security Scan for Owner.job
2009-01-16 12:33:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 07:32:22
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software
disk error: C:\Documents and Settings\Owner\ntuser.dat
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan
**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet007\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\system\ControlSet007\Services\seneka]
"imagepath"="\systemroot\system32\drivers\senekahbgdcfnp.sys"

Completion time: 2009-01-16 7:36:12

--- E O F ---

#6 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 16 January 2009 - 08:22 AM

Hello.

Please refer to this link on restoring the connection.

Make sure your protection is disabled before proceeding.

Run ComboFix with CFScript
We will run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    File::
    C:\WINDOWS\system32\drivers\zaapobh.sys
    C:\WINDOWS\system32\msiconf.exe
    C:\WINDOWS\msiconf.exe
    C:\WINDOWS\tasks\jphvhhse.job
    
    Registry::
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msiexec.exe"=-
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    [screenshot: CFScript.txt being dragged onto ComboFix.exe]
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Download and run MalwareBytes Anti-Malware
If you already have MBAM installed, simply update and run a quick scan.

Please download the Malwarebytes Anti-Malware setup file to your desktop.
alternate download link 1
alternate download link 2

Refer to the steps given here on installing MalwareBytes, running the scan, and saving the log file (not on using FileAssassin).
  • If you have trouble updating, try the other mirror download site.
  • Should the computer in question not be able to update using the normal method, download the update file from here, using another machine if needed. Simply double-click the file to install the updates.
  • If MalwareBytes asks to reboot to remove certain items, do so right away.
Please include the scan logfile in your next reply.

Post back with:
-the ComboFix log
-the MalwareBytes scan log

Please tell me of any symptoms you have now.

With Regards,
The Panda
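
The `Authentication Packages` line in the CFScript above rewrites the LSA value as a REG_MULTI_SZ (`hex(7)`) holding only `msv1_0`; the ComboFix log posted earlier in the thread showed a second entry, `C:\WINDOWS\system32\qomKETKa`, appended after it. The following Python is an added example, not part of the original post or of ComboFix: it decodes and encodes that `hex(7)` form and flags non-stock entries in such a list. It assumes the REGEDIT4 convention of one ANSI byte per character, which is what the eight bytes shown match, and that a stock Windows XP SP3 list contains only `msv1_0` (`KNOWN_AUTH_PACKAGES` is that assumption); `wide=True` covers the UTF-16LE "Windows Registry Editor Version 5.00" form instead.

```python
"""Added example (not from the thread or from ComboFix): decode/encode the
.reg-style hex(7) value written to LSA 'Authentication Packages' and audit a
package list such as the one ComboFix printed for rogue entries."""

from __future__ import annotations

# Assumption: a stock Windows XP SP3 machine lists only msv1_0 here.
KNOWN_AUTH_PACKAGES = frozenset({"msv1_0"})


def decode_hex7(value: str, wide: bool = False) -> list[str]:
    """Turn 'hex(7):6d,73,76,31,5f,30,00,00' into ['msv1_0'].

    hex(7) is REG_MULTI_SZ: NUL-terminated strings, the list ended by one
    extra NUL. REGEDIT4-style scripts hold ANSI bytes (matches the 8 bytes
    above); 'Windows Registry Editor Version 5.00' files hold UTF-16LE
    (wide=True). Backslash-newline continuations are tolerated.
    """
    body = value.split(":", 1)[1] if value.lower().startswith("hex(7):") else value
    body = body.replace("\\\n", "")
    raw = bytes(int(b, 16) for b in body.split(",") if b.strip())
    text = raw.decode("utf-16-le" if wide else "latin-1")
    return [s for s in text.split("\0") if s]


def encode_hex7(strings: list[str], wide: bool = False) -> str:
    """Inverse of decode_hex7: the form used in a CFScript Registry:: block."""
    text = "".join(s + "\0" for s in strings) + "\0"
    raw = text.encode("utf-16-le" if wide else "latin-1")
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def parse_combofix_lsa_line(line: str) -> list[str]:
    """Split ComboFix's 'Authentication Packages msv1_0 C:\\...' line into
    entries. Whitespace-separated, so a path containing spaces would be split
    too; the entries seen in this thread have none."""
    prefix = "Authentication Packages"
    stripped = line.strip()
    rest = stripped[len(prefix):] if stripped.startswith(prefix) else stripped
    return rest.split()


def audit_auth_packages(packages: list[str]) -> list[tuple[str, str]]:
    """Return (entry, reason) for each package that is not a known-good bare name.

    A legitimate authentication package is named by DLL base name and loaded
    by LSA from system32; a full path or an unknown name is suspect (the
    thread's log shows 'C:\\WINDOWS\\system32\\qomKETKa' after msv1_0).
    """
    findings: list[tuple[str, str]] = []
    for pkg in packages:
        if "\\" in pkg or "/" in pkg:
            findings.append((pkg, "full path: legitimate packages are bare DLL names"))
        elif pkg.lower() not in KNOWN_AUTH_PACKAGES:
            findings.append((pkg, "not in the known-good package list"))
    return findings


if __name__ == "__main__":
    # Constructed input: the LSA line as it appeared in the ComboFix log above.
    log_line = "Authentication Packages msv1_0 C:\\WINDOWS\\system32\\qomKETKa"
    found = parse_combofix_lsa_line(log_line)
    for entry, why in audit_auth_packages(found):
        print(f"suspect: {entry} ({why})")
    # The replacement value the CFScript writes, and what it decodes to:
    print(encode_hex7(["msv1_0"]), "->", decode_hex7(encode_hex7(["msv1_0"])))
```

Running it prints the `qomKETKa` entry as suspect and confirms that `hex(7):6d,73,76,31,5f,30,00,00` is exactly `msv1_0` followed by the two terminating NULs, which is why the script line restores the stock value rather than merely deleting the rogue one.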

#7 killaessien

  • Topic Starter

  • Members
  • 38 posts

Posted 17 January 2009 - 12:29 PM

Nothing significant happening symptom-wise, but here are the logs you requested:
Malwarebytes' Anti-Malware 1.30
Database version: 1427
Windows 5.1.2600 Service Pack 3

1/17/2009 12:27:17 PM
mbam-log-2009-01-17 (12-27-17).txt

Scan type: Quick Scan
Objects scanned: 62467
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator.YOUR-1SFDBKYKFJ\Local Settings\Temp\ntdll64.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.YOUR-1SFDBKYKFJ\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\g\Local Settings\Temp\mousehook.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

"Owner" - 2009-01-17 12:05:56 - ComboFix 07-07-22.4 - Service Pack 3 NTFS
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\zaapobh.sys
C:\WINDOWS\tasks\jphvhhse.job


((((((((((((((((((((((((( Files Created from 2008-12-17 to 2009-01-17 )))))))))))))))))))))))))))))))


2009-01-17 09:52 <DIR> d-------- C:\12e2b3508726f7dd0eab73
2009-01-16 21:33 134,656 --a------ C:\WINDOWS\useguxav.dll
2009-01-16 08:11 41,984 --a------ C:\WINDOWS\Xqelohidimenipav.dll
2009-01-16 08:11 41,984 --a------ C:\WINDOWS\system32\chert5-998.exe
2009-01-16 07:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2009-01-15 17:19 <DIR> d-------- C:\DOCUME~1\g\APPLIC~1\SUPERAntiSpyware.com
2009-01-15 16:35 <DIR> d-------- C:\DOCUME~1\g\APPLIC~1\Malwarebytes
2009-01-15 16:33 <DIR> d-------- C:\DOCUME~1\g\APPLIC~1\Ventrilo
2009-01-10 22:21 <DIR> d-------- C:\DOCUME~1\g\APPLIC~1\Logitech
2009-01-10 21:03 <DIR> d-------- C:\Netgame
2009-01-09 22:28 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Logitech
2009-01-09 22:27 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2009-01-09 22:26 49,152 --a------ C:\WINDOWS\KHALMNPR.Exe
2009-01-09 22:26 36,480 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2009-01-09 22:26 24,704 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2009-01-09 22:26 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2009-01-09 19:39 68,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2009-01-09 19:39 52,992 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2009-01-09 19:38 <DIR> d-------- C:\Program Files\Common Files\Logitech
2009-01-08 19:04 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2009-01-08 18:45 <DIR> d-------- C:\DOCUME~1\g\APPLIC~1\DivX
2009-01-08 16:56 <DIR> d-------- C:\WINDOWS\NV7401208.TMP
2009-01-08 16:48 <DIR> d-------- C:\WINDOWS\NV25201788.TMP
2009-01-03 12:29 <DIR> d-------- C:\Program Files\StepMania


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-01-17 17:05:21 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\DNA
2009-01-17 15:05:40 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Hamachi
2009-01-17 15:05:07 -------- d-----w C:\Program Files\DNA
2009-01-17 02:23:31 -------- d-----w C:\Program Files\NetZero
2009-01-17 02:22:29 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\LimeWire
2009-01-16 12:15:34 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Xfire
2009-01-14 23:03:58 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2009-01-14 23:00:07 -------- d-----w C:\Program Files\Norton Security Scan
2009-01-12 18:45:12 111,616 ----a-w C:\WINDOWS\system32\userinit.exe
2009-01-11 01:47:41 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\InstallShield
2009-01-11 01:47:35 -------- d--h--w C:\Program Files\InstallShield Installation Information
2009-01-10 00:38:20 -------- d-----w C:\Program Files\Logitech
2009-01-10 00:34:31 -------- d-----w C:\Program Files\Lx_cats
2009-01-08 23:55:33 -------- d-----w C:\Program Files\LimeWire
2008-12-30 01:09:10 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer
2008-12-18 01:26:31 13,016 ----a-w C:\DOCUME~1\Owner\APPLIC~1\wklnhst.dat
2008-12-16 21:27:20 -------- d-----w C:\Program Files\MSN Messenger
2008-12-16 12:43:53 -------- d-----w C:\Program Files\Messenger
2008-12-16 12:37:51 -------- d-----w C:\Program Files\Movie Maker
2008-12-16 12:34:51 -------- d-----w C:\Program Files\Windows NT
2008-12-16 08:02:21 -------- d-----w C:\Program Files\Microsoft SQL Server
2008-12-15 23:28:24 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\GetRightToGo
2008-12-15 23:20:22 -------- d-----w C:\Program Files\Microsoft.NET
2008-12-11 10:57:09 333,952 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-11-28 18:33:18 -------- d-----w C:\Program Files\AskBarDis
2008-11-27 05:01:41 249,592 ----a-w C:\WINDOWS\system32\cssdll32.dll
2008-11-27 05:01:41 -------- d-----w C:\Program Files\COMODO
2008-11-27 05:01:08 143,096 ----a-w C:\WINDOWS\system32\guard32.dll
2008-11-27 05:01:07 99,216 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-11-27 05:01:07 31,504 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-11-27 03:37:43 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Malwarebytes
2008-11-21 21:28:55 -------- d-----w C:\Program Files\Daemons Ring Gunz
2008-11-20 01:28:59 74,336 ---ha-w C:\WINDOWS\system32\mlfcache.dat
2008-11-18 00:19:06 -------- d-----w C:\Program Files\trend micro
2008-11-11 01:35:00 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-11-08 16:40:29 96 ---ha-w C:\WINDOWS\system32\HsInfo.dat
2008-10-23 12:36:14 286,720 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-09-17 20:10:10 784 ----a-w C:\DOCUME~1\Owner\APPLIC~1\mpauth.dat
2007-02-06 21:33:12 194,376 ----a-w C:\DOCUME~1\Owner\APPLIC~1\shb.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{615E2536-3E60-4E08-9987-3CDA01761110}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 15:51 1266992]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 06:51 691656]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 13:54 1555480]

[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CLASSES_ROOT\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-07-16 15:51 1266992]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-08-08 06:51 691656]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= C:\Program Files\free-downloads.net\tbfree.dll [2008-02-14 13:54 1555480]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[-HKEY_CLASSES_ROOT\CLSID\{ECDEE021-0D17-467F-A1FF-C7A115230949}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2004-04-07 14:07]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 16:17]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 21:42]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 17:18]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-10-10 20:52]
"lxcimon.exe"="C:\Program Files\Lexmark 7300 Series\lxcimon.exe" [2005-09-30 09:47]
"EzPrint"="C:\Program Files\Lexmark 7300 Series\ezprint.exe" [2005-08-01 07:05]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 12:25]
"CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 10:08]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 14:09]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 17:57]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-11-27 09:56]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-11-27 00:01]
"COMODO Internet Security"="C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" [2008-11-27 00:01]
"@"="" []
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 12:45 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetZero_uoltray"="C:\Program Files\NetZero\exec.exe" [2005-11-10 19:57]
"spc_w"="C:\Program Files\NZSearch\nzspc.exe" [2006-07-11 01:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-21 17:51]
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2008-10-07 19:20]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-07 18:01]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 16:43]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 07:11]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-12-15 21:21]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 11:46]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 10:03]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 14:07]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"untd_recovery"="C:\Program Files\NetZero\qsacc\x1exec.exe"

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-04-30 16:26:04]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-09-18 13:50:21]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 14:41:18]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 02:43:08]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-08-12 17:08:52]
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 02:43:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-08-09 18:55:52]
CPQ1400P.lnk - C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE [2005-10-06 15:03:28]
eFax DllCmd 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe [2005-09-27 11:22:05]
eFax Tray Menu 4.0.lnk - C:\Program Files\eFax Messenger 4.0\J2GTray.exe [2005-09-27 11:22:05]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-02 20:33:32]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-01-09 22:26:40]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-09-12]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-09-12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll jcheme.dll

avg8wd - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe - AVG Free8 WatchDog
avgldx86 - \SystemRoot\System32\Drivers\avgldx86.sys - AVG Free AVI Loader Driver x86
avgmfx86 - \SystemRoot\System32\Drivers\avgmfx86.sys - AVG Free On-access Scanner Minifilter Driver x86
cmdguard - COMODO Internet Security Sandbox Driver - System32\DRIVERS\cmdguard.sys
cmdhlp - COMODO Internet Security Helper Driver - System32\DRIVERS\cmdhlp.sys
dgivecp - \??\C:\WINDOWS\System32\Drivers\DgiVecp.sys - DgiVecp
inspect - COMODO Internet Security Firewall Driver - System32\DRIVERS\inspect.sys
mssql$mssmlbiz - "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ - SQL Server (MSSMLBIZ)
npkcmsvc - C:\Nexon\Mabinogi\npkcmsvc.exe - npkcmsvc
oreans32 - \??\C:\WINDOWS\system32\drivers\oreans32.sys - oreans32
psi_svc_2 - "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" - Protexis Licensing V2
sasdifsv - \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS - SASDIFSV
saskutil - \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys - SASKUTIL
sprtsvc_ddoctorv2 - "C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe" /service /P ddoctorv2 - SupportSoft Sprocket Service (ddoctorv2)
sqlwriter - "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" - SQL Server VSS Writer
x4hsx32 - \??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys - X4HSX32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
napagent
hkmsvc


Contents of the 'Scheduled Tasks' folder
2009-01-01 20:39:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2009-01-17 16:55:31 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
2005-04-12 01:44:53 C:\WINDOWS\tasks\ISP signup reminder 1.job
2005-04-12 01:44:54 C:\WINDOWS\tasks\ISP signup reminder 2.job
2005-04-12 01:44:54 C:\WINDOWS\tasks\ISP signup reminder 3.job
2009-01-16 23:00:00 C:\WINDOWS\tasks\Norton Security Scan for Owner.job
2009-01-17 17:13:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 12:14:18
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software
disk error: C:\Documents and Settings\Owner\ntuser.dat
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan
**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet007\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\system\ControlSet007\Services\seneka]
"imagepath"="\systemroot\system32\drivers\senekahbgdcfnp.sys"

Completion time: 2009-01-17 12:17:36
C:\ComboFix-quarantined-files.txt ... 2009-01-17 12:16
C:\ComboFix2.txt ... 2009-01-16 07:36

--- E O F ---

#8 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 17 January 2009 - 01:13 PM

Hello.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :reg
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{615E2536-3E60-4E08-9987-3CDA01761110}]
    
    :files
    C:\WINDOWS\useguxav.dll
    C:\WINDOWS\Xqelohidimenipav.dll
    C:\WINDOWS\system32\chert5-998.exe
    
    :commands
    [emptytemp]
    [Reboot]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows except OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

F-Secure Online Scan
Please run F-Secure Online Scanner to check for anything left.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

Please post back with:
-the OTMoveIt log
-the F-Secure scan log
-a new DDS.txt log.

With Regards,
The Panda

#9 killaessien

  • Topic Starter

  • Members
  • 38 posts

Posted 19 January 2009 - 08:47 AM

Alright, I was able to get the OTMoveIt working, but whenever I am near the completion of the F-Secure scan, my comp gives the Win32 message and the restart prompt starts up every time.
Here is the OtMoveIt and DDS log:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 8:42:33.01 on Mon 01/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.464 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Safari\Safari.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Saf23.tmp\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\nzsearch\SearchEnh1.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Popup-Blocker Class: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
BHO: {615E2536-3E60-4E08-9987-3CDA01761110} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun
uRun: [spc_w] "c:\program files\nzsearch\nzspc.exe" -w
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [Steam] "c:\program files\valve\steam\Steam.exe" -silent
uRun: [BitTorrent] "c:\program files\bittorrent\bittorrent.exe" --force_start_minimized
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [lxcimon.exe] "c:\program files\lexmark 7300 series\lxcimon.exe"
mRun: [EzPrint] "c:\program files\lexmark 7300 series\ezprint.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [<NO NAME>]
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\hamachi.lnk - c:\program files\hamachi\hamachi.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\transbar.lnk - c:\windows\bricopacks\vista inspirat 2\transbar\TransBar.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\ubericon.lnk - c:\windows\bricopacks\vista inspirat 2\ubericon\UberIcon Manager.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\y'zsha~1.lnk - c:\windows\bricopacks\vista inspirat 2\yzshadow\YzShadow.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\BigFix.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cpq1400p.lnk - c:\program files\compaq 1400p inkjet printer\CPQ1400P.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efaxdl~1.lnk - c:\program files\efax messenger 4.0\J2GDllCmd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efaxtr~1.lnk - c:\program files\efax messenger 4.0\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html
IE: &Search
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Display All Images with Full Quality - c:\program files\netzero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\netzero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\cssdll32.dll jcheme.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\qplfiwat.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\qplfiwat.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\program files\gametap\bin\release\npgametaptool.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\java\jre1.5.0_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {E5B2679C-84C3-4697-95C5-EDFE2E5C96D4} - c:\documents and settings\owner\local settings\application data\{E5B2679C-84C3-4697-95C5-EDFE2E5C96D4}
FF - HiddenExtension: XUL Cache: {09D6652B-B746-418F-8A1E-22331ED5DAC6} - c:\documents and settings\g\local settings\application data\{09D6652B-B746-418F-8A1E-22331ED5DAC6}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-10 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-10 26824]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-11-27 99216]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-11-27 31504]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2008-10-26 33824]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-11-10 231704]
R4 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2008-11-27 618232]
R4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-8-5 29184016]
S3 XDva009;XDva009;\??\c:\windows\system32\xdva009.sys --> c:\windows\system32\XDva009.sys [?]
S3 XDva037;XDva037;\??\c:\windows\system32\xdva037.sys --> c:\windows\system32\XDva037.sys [?]
S3 XDva119;XDva119;\??\c:\windows\system32\xdva119.sys --> c:\windows\system32\XDva119.sys [?]
S3 XDva120;XDva120;\??\c:\windows\system32\xdva120.sys --> c:\windows\system32\XDva120.sys [?]
S3 XDva121;XDva121;\??\c:\windows\system32\xdva121.sys --> c:\windows\system32\XDva121.sys [?]
S3 XDva134;XDva134;\??\c:\windows\system32\xdva134.sys --> c:\windows\system32\XDva134.sys [?]
S3 XDva201;XDva201;\??\c:\windows\system32\xdva201.sys --> c:\windows\system32\XDva201.sys [?]
S3 XDva212;XDva212;\??\c:\windows\system32\xdva212.sys --> c:\windows\system32\XDva212.sys [?]

=============== Created Last 30 ================

2009-01-18 00:28 <DIR> --d----- C:\fsaua.data
2009-01-18 00:20 <DIR> --d----- C:\_OTMoveIt
2009-01-17 09:52 <DIR> --d----- C:\12e2b3508726f7dd0eab73
2009-01-16 07:21 139,776 a------- c:\windows\system32\swreg.exe
2009-01-16 07:21 109,056 a------- c:\windows\catchme.exe
2009-01-16 07:21 49,152 a------- c:\windows\system32\vfind.exe
2009-01-16 07:21 212,480 a------- c:\windows\system32\swxcacls.exe
2009-01-16 07:21 <DIR> --d----- C:\ComboFix
2009-01-14 22:17 250 a------- c:\windows\gmer.ini
2009-01-12 13:45 491 a------- c:\windows\system32\win32hlp.cnf
2009-01-12 13:45 111,616 ac------ c:\windows\system32\dllcache\userinit.exe
2009-01-12 13:44 1 a------- c:\windows\system32\uniq.tll
2009-01-12 13:44 1 a------- c:\windows\system32\test.ttt
2009-01-10 21:03 <DIR> --d----- C:\Netgame
2009-01-10 20:47 78,784 a------- c:\windows\system32\ISUSPM.cpl
2009-01-09 22:27 13,056 a------- c:\windows\system32\drivers\L8042Kbd.SYS
2009-01-09 22:26 36,480 a------- c:\windows\system32\drivers\LHidUsbK.sys
2009-01-09 22:26 1,047,552 a------- c:\windows\system32\MFC71u.dll
2009-01-09 22:26 49,152 a------- c:\windows\KHALMNPR.Exe
2009-01-09 22:26 24,704 a------- c:\windows\system32\drivers\LHidKE.Sys
2009-01-09 19:39 68,992 a------- c:\windows\system32\drivers\LMouKE.Sys
2009-01-09 19:39 52,992 a------- c:\windows\system32\drivers\L8042MOU.SYS
2009-01-09 19:38 <DIR> --d----- c:\program files\common files\Logitech
2009-01-08 19:04 155,648 a------- c:\windows\system32\igfxres.dll
2009-01-08 16:56 <DIR> --d----- c:\windows\NV7401208.TMP
2009-01-08 16:48 <DIR> --d----- c:\windows\NV25201788.TMP
2009-01-03 12:29 <DIR> --d----- c:\program files\StepMania
2008-12-31 13:49 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2009-01-12 13:45 111,616 a------- c:\windows\system32\userinit.exe
2008-12-17 20:26 13,016 a------- c:\docume~1\owner\applic~1\wklnhst.dat
2008-12-16 07:41 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 15:37 42,320 a------- c:\windows\system32\xfcodec.dll
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-27 00:01 249,592 a------- c:\windows\system32\cssdll32.dll
2008-11-27 00:01 143,096 a------- c:\windows\system32\guard32.dll
2008-11-27 00:01 99,216 a------- c:\windows\system32\drivers\cmdguard.sys
2008-11-27 00:01 31,504 a------- c:\windows\system32\drivers\cmdhlp.sys
2008-11-19 20:28 74,336 a---h--- c:\windows\system32\mlfcache.dat
2008-11-10 20:35 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-20 21:15 848 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-10-20 21:15 88 ---shr-- c:\docume~1\alluse~1\applic~1\67A4EFC0B1.sys
2008-09-17 15:10 784 a------- c:\docume~1\owner\applic~1\mpauth.dat
2007-02-06 16:33 194,376 a------- c:\docume~1\owner\applic~1\shb.dat

============= FINISH: 8:44:28.53 ===============

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{615E2536-3E60-4E08-9987-3CDA01761110}\\ not found.
========== FILES ==========
C:\WINDOWS\useguxav.dll NOT unregistered.
C:\WINDOWS\useguxav.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\Xqelohidimenipav.dll
C:\WINDOWS\Xqelohidimenipav.dll NOT unregistered.
C:\WINDOWS\Xqelohidimenipav.dll moved successfully.
C:\WINDOWS\system32\chert5-998.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ib1.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib8.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib9.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ibB.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_002043

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\ib1.tmp moved successfully.
File C:\WINDOWS\temp\ib7.tmp not found!
File C:\WINDOWS\temp\ib8.tmp not found!
File C:\WINDOWS\temp\ib9.tmp not found!
File C:\WINDOWS\temp\ibB.tmp not found!


#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:22 AM

Posted 19 January 2009 - 11:29 AM

Hello.

The online scans crash a lot. That's no problem.

Unless there are any issues at the moment, we can wrap up.

Uninstall ComboFix
Remove Combofix now that we're done with it.

If this tool has helped you, please consider making a donation to its author.
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK. Notice the space between the "x" and "/".
Uninstalling ComboFix will do the following:
  • Delete ComboFix and its components from your computer.
  • Delete other tools commonly used during the malware removal process.
  • Reset clock settings to standard format.
  • Hide file extensions and hidden/system files.
  • Clear the System Restore cache and create a new restore point.
Preventing Malware Infection in the Future
Please take some time to look at the following links, giving some advice and suggestions for preventing future infections: For general slowness problems that you may have, take a look at Slow Computer/browser? It May Not Be Malware. Read How to use the Startup Database to identify and disable unneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#11 killaessien

killaessien
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 19 January 2009 - 12:09 PM

Thanks for the help. One more question: are you sure about how I can stop these prompts from occurring? Every two hours or so it comes up and it automatically shuts down.

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:22 AM

Posted 19 January 2009 - 02:42 PM

Hello.

Could you give me the exact message you receive?

With Regards,
The Panda

#13 killaessien

killaessien
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 19 January 2009 - 06:08 PM

Generic host process for win32 has encountered a problem.
Something along those lines.

#14 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:22 AM

Posted 19 January 2009 - 06:45 PM

Hold on a second. I see something in the previous log.

Please disable your protection.

Download and Run ComboFix with CFScript
Download a new copy of ComboFix.

Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:
    http://www.bleepingcomputer.com/forums/t/191662/re-infected/
    
    Suspect::[59]
    c:\windows\system32\userinit.exe
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
At the end of its run ComboFix will attempt to upload some files. Please make sure you are connected to the Internet before clicking "OK". Kindly remind me in your next reply that files were uploaded.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.
With Regards,
The Panda

Edited by PropagandaPanda, 19 January 2009 - 06:46 PM.
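
Panda's CFScript above submits c:\windows\system32\userinit.exe with Suspect::, and the DDS log in post #9 shows that file rewritten at 2009-01-12 13:45, the same minute in which win32hlp.cnf, uniq.tll and test.ttt appeared in system32. The script below is an added example, not code from this thread, from DDS, ComboFix or any other tool mentioned here: it parses the "Created Last 30" and "Find3M" sections of a DDS log and groups any write to a core logon-chain binary with everything else written within two minutes of it, which is one way a helper narrows down what to submit for review. The CORE_BINARIES allowlist, the two-minute window and the function names are my assumptions; the sample lines are copied from the log above and are only a constructed excerpt.

```python
import re
from datetime import datetime, timedelta

# One DDS file entry: "YYYY-MM-DD HH:MM <size or <DIR>> <8 attribute flags> <path>".
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?:<DIR> |(?P<size>[\d,]+) )(?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# Assumed allowlist of Windows XP logon-chain binaries; a fresh write to one of
# these outside a patch cycle is what a helper wants to look at first.
CORE_BINARIES = {"userinit.exe", "winlogon.exe", "explorer.exe",
                 "lsass.exe", "services.exe"}

# Constructed sample: a few lines copied from the DDS log posted above, in the
# layout DDS uses for its "Created Last 30" and "Find3M" sections.
SAMPLE_DDS = r"""
=============== Created Last 30 ================

2009-01-16 07:21 139,776 a------- c:\windows\system32\swreg.exe
2009-01-16 07:21 <DIR> --d----- C:\ComboFix
2009-01-12 13:45 491 a------- c:\windows\system32\win32hlp.cnf
2009-01-12 13:45 111,616 ac------ c:\windows\system32\dllcache\userinit.exe
2009-01-12 13:44 1 a------- c:\windows\system32\uniq.tll
2009-01-12 13:44 1 a------- c:\windows\system32\test.ttt
2009-01-10 20:47 78,784 a------- c:\windows\system32\ISUSPM.cpl

==================== Find3M ====================

2009-01-12 13:45 111,616 a------- c:\windows\system32\userinit.exe
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
"""


def parse_dds_entries(text):
    """Return a dict per file/dir entry line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m["date"] + " " + m["time"], "%Y-%m-%d %H:%M")
        size = int(m["size"].replace(",", "")) if m["size"] else None
        entries.append({"when": when, "size": size,
                        "attrs": m["attrs"], "path": m["path"].lower()})
    return entries


def find_core_write_clusters(entries, window=timedelta(minutes=2)):
    """Group every write to a core binary with all other entries written within
    `window` of it. Returns a list of {"anchor", "core", "others"} dicts."""
    clusters = []
    for e in entries:
        if e["path"].rsplit("\\", 1)[-1] not in CORE_BINARIES:
            continue
        # Merge core writes that land in the same window into one cluster.
        for c in clusters:
            if abs(c["anchor"] - e["when"]) <= window:
                c["core"].append(e["path"])
                break
        else:
            clusters.append({"anchor": e["when"], "core": [e["path"]], "others": []})
    for c in clusters:
        c["others"] = sorted({e["path"] for e in entries
                              if e["path"] not in c["core"]
                              and abs(e["when"] - c["anchor"]) <= window})
    return clusters


if __name__ == "__main__":
    for c in find_core_write_clusters(parse_dds_entries(SAMPLE_DDS)):
        print(f"core binary written at {c['anchor']:%Y-%m-%d %H:%M}: {', '.join(c['core'])}")
        for p in c["others"]:
            print(f"    written in the same window: {p}")
```

On the excerpt above this reports one cluster at 2009-01-12 13:45 containing both copies of userinit.exe together with test.ttt, uniq.tll and win32hlp.cnf; swreg.exe, the ComboFix folder and srv.sys fall outside the window and are left alone. The output is a shortlist for a human to check, not a verdict: a legitimate update can rewrite userinit.exe too, so the next step is to compare the file's hash and signature, which is what the Suspect:: submission does.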


#15 killaessien

killaessien
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:03:22 AM

Posted 19 January 2009 - 11:07 PM

Hey Panda, did you mean to put the URL in the code? Either way, here are the results:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-19 23:03:32
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xEE31C7B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xEE31BD16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xEE31C372]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xEE31CF80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xEE31BA70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xEE31DC70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xEE31C99C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xEE31B646]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xEE31CBEA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xEE31CD9A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xEE31B4F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xEE31D8F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xEE31BF5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xEE31C5AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xEE31B228]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xEE31C1EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xEE31B3A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xEE31D346]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xEE31BB8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xEE31D6AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xEE31DAA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xEE31D146]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xEE31BEF6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xEE31C0E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xEE31B93A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xEE31B808]

INT 0x62 ? 8736CBF8
INT 0x63 ? 8714CBF8
INT 0x82 ? 8736CBF8
INT 0xA4 ? 8714CBF8
INT 0xB1 ? 8736EBF8
INT 0xB1 ? 8736EBF8
INT 0xB4 ? 8714CBF8

Code 8714E818 ZwEnumerateKey
Code 8714B370 ZwFlushInstructionCache
Code EE2E354C pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 8714E81C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 8714B374
? spgg.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6A8D8AC 5 Bytes JMP 8714C1D8
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[196] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[196] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[196] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[196] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[196] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[196] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[196] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[196] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[196] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[196] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[196] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[224] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[224] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[224] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[224] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[224] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[224] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[224] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[224] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[224] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[224] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[224] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[232] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[232] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[232] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[232] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[232] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[232] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[232] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[232] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[232] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[232] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe[232] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE[560] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE[560] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE[560] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE[560] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE[560] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE[560] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE[560] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE[560] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE[560] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE[560] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Compaq 1400P Inkjet Printer\CPQ1400P.EXE[560] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[644] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 04AA5690 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[644] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 04AA55C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[644] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 04AA5250 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[644] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 04AA16D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[644] USER32.dll!keybd_event 7E466783 5 Bytes JMP 04AA1550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[644] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 04AA1860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[644] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 04AA1230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[644] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 04AA13C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[644] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ B8, 8C ]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[644] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 04AA4F60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[644] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 04AA50E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[696] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[696] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[696] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[696] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[696] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[696] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[696] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\winlogon.exe[696] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[696] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[740] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[740] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[740] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[740] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[740] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[740] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[740] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[740] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[740] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\services.exe[740] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[740] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[752] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[752] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[752] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[752] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[752] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[752] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[752] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[752] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[752] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\lsass.exe[752] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[752] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[908] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[908] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[908] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[908] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[908] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[908] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[908] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[984] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[984] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[984] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[984] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[984] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[984] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1100] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1100] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1100] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1100] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1100] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1100] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1100] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1164] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1164] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1252] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1252] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1252] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1252] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1252] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1252] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1252] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1252] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1400] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1400] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1400] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1400] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1400] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1400] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1400] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1400] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1400] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1400] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1400] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\WinAce\WinAce.exe[1420] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00395690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\WinAce\WinAce.exe[1420] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0165000A
.text C:\Program Files\WinAce\WinAce.exe[1420] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003955C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\WinAce\WinAce.exe[1420] user32.dll!EndTask 7E45A0A5 5 Bytes JMP 00395250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\WinAce\WinAce.exe[1420] user32.dll!mouse_event 7E46673F 5 Bytes JMP 003916D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\WinAce\WinAce.exe[1420] user32.dll!keybd_event 7E466783 5 Bytes JMP 00391550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\WinAce\WinAce.exe[1420] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00391860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\WinAce\WinAce.exe[1420] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00391230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\WinAce\WinAce.exe[1420] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 003913C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\WinAce\WinAce.exe[1420] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 47, 88 ]
.text C:\Program Files\WinAce\WinAce.exe[1420] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00394F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\WinAce\WinAce.exe[1420] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003950E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1496] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1496] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1496] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1496] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1496] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1496] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\spoolsv.exe[1496] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1496] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1496] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1496] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1496] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe[1560] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe[1560] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe[1560] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe[1560] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe[1560] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe[1560] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe[1560] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe[1560] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe[1560] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe[1560] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\eFax Messenger 4.0\J2GDllCmd.exe[1560] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1608] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1608] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1608] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1608] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1608] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1608] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1608] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1608] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1608] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1608] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[1608] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1620] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1620] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1620] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1620] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1620] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1620] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1620] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1620] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1620] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1620] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1620] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1660] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1660] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1660] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1660] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1660] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1660] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1660] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1660] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1660] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1660] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1660] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1688] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1688] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1688] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1688] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1688] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1688] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1688] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1688] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1688] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1688] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1688] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1720] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 003A5690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1720] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003A55C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1720] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003A5250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1720] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003A16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1720] USER32.dll!keybd_event 7E466783 5 Bytes JMP 003A1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1720] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003A1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1720] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003A1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1720] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 003A13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1720] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 48, 88 ]
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1720] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003A4F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1720] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003A50E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1732] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00965690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1732] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009655C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1732] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00961860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1732] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00961230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1732] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 009613C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1732] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ A4, 88 ]
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1732] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00965250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1732] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 009616D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1732] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00961550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1732] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00964F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1732] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 009650E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1836] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1836] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1836] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1836] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1836] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1836] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1836] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1836] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1836] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1836] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1836] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Xfire\xfire.exe[1888] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Xfire\xfire.exe[1888] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Xfire\xfire.exe[1888] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Xfire\xfire.exe[1888] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Xfire\xfire.exe[1888] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Xfire\xfire.exe[1888] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Xfire\xfire.exe[1888] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Xfire\xfire.exe[1888] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Xfire\xfire.exe[1888] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Xfire\xfire.exe[1888] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Xfire\xfire.exe[1888] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1920] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1920] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1920] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1920] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1920] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1920] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1920] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1920] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1920] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1920] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe[1920] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2116] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2116] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2116] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2116] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2116] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2116] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2116] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2116] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2116] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\alg.exe[2116] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2116] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00C715F1 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00C715A0 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtCreateProcess 7C90D130 5 Bytes JMP 00C71534 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtCreateProcessEx 7C90D140 5 Bytes JMP 00C71693 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtDeleteFile 7C90D220 5 Bytes JMP 00C715D6 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtFreeVirtualMemory 7C90D370 5 Bytes JMP 00C79A00 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtLoadDriver 7C90D450 5 Bytes JMP 00C7160C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtOpenFile 7C90D580 5 Bytes JMP 00C715BB C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00C7104C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtSetInformationProcess 7C90DC80 5 Bytes JMP 00C71642 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtUnloadDriver 7C90DEA0 5 Bytes JMP 00C71627 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00C7156A C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 7 Bytes JMP 00C7107C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!RtlAllocateHeap 7C9100A4 5 Bytes JMP 00C79A80 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D4000A
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Safari\Safari.exe[2588] ntdll.dll!LdrGetProcedureAddress 7C917E88 5 Bytes JMP 00C7165D C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C711EF C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C713D5 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 00C71183 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C71168 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C71132 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C710E1 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C710C6 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C710FC C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C7114D C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!GetModuleHandleA 7C80B731 5 Bytes JMP 00C71384 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!GetModuleHandleW 7C80E4CD 5 Bytes JMP 00C7139F C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C7120A C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 00C71318 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C712AC C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!OpenFile 7C82196A 5 Bytes JMP 00C7119E C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 00C71276 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C71225 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C71240 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!DeleteFileA 7C831EC5 5 Bytes JMP 00C71333 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 00C7134E C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!MoveFileExW 7C835673 5 Bytes JMP 00C712E2 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C71291 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!MoveFileWithProgressA 7C835EC6 5 Bytes JMP 00C712FD C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!MoveFileExA 7C85E3CB 5 Bytes JMP 00C712C7 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!CopyFileExA 7C85F2CC 5 Bytes JMP 00C7125B C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C713BA C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] kernel32.dll!LoadModule 7C8624BE 5 Bytes JMP 00C71117 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00C714AD C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 00C71492 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Safari\Safari.exe[2588] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Safari\Safari.exe[2588] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Safari\Safari.exe[2588] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Safari\Safari.exe[2588] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Safari\Safari.exe[2588] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Safari\Safari.exe[2588] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Safari\Safari.exe[2588] SHELL32.dll!ShellExecuteExW 7CA02F03 5 Bytes JMP 00C71441 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] SHELL32.dll!ShellExecuteEx 7CA40E25 5 Bytes JMP 00C71426 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] SHELL32.dll!ShellExecuteA 7CA41150 5 Bytes JMP 00C713F0 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] SHELL32.dll!ShellExecuteW 7CAB5BF0 5 Bytes JMP 00C7140B C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Safari\Safari.exe[2588] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Safari\Safari.exe[2588] WININET.dll!InternetConnectA 7806499A 5 Bytes JMP 00C7145C C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\Safari\Safari.exe[2588] WININET.dll!InternetConnectW 78065B88 5 Bytes JMP 00C71477 C:\WINDOWS\system32\cssdll32.dll (COMODO SafeSurf/COMODO)
.text C:\Program Files\iPod\bin\iPodService.exe[2616] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2616] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2616] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2616] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2616] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2616] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\iPod\bin\iPodService.exe[2616] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2616] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2616] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2616] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[2616] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0098000A
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WkDStore.exe[2696] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2728] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2728] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2728] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2728] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2728] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2728] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2728] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2728] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2728] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2728] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\wbem\wmiprvse.exe[2728] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[3096] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[3096] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[3096] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[3096] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[3096] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[3096] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[3096] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[3096] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[3096] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[3096] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[3096] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\notepad.exe[3100] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\notepad.exe[3100] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\notepad.exe[3100] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\notepad.exe[3100] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\notepad.exe[3100] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\notepad.exe[3100] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\notepad.exe[3100] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\notepad.exe[3100] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\notepad.exe[3100] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\notepad.exe[3100] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\notepad.exe[3100] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\notepad.exe[3100] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3104] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3104] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3104] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3104] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3104] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3104] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3104] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3104] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3104] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\ctfmon.exe[3104] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3104] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3180] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 003B5690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3180] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003B55C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3180] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003B1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3180] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003B1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3180] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 003B13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3180] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 49, 88 ]
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3180] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003B5250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3180] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003B16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3180] USER32.dll!keybd_event 7E466783 5 Bytes JMP 003B1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3180] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003B4F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLDial.exe[3180] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003B50E0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3188] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3188] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3188] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3188] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3188] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3188] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3188] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3188] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3188] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3188] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3188] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3196] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3196] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3196] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3196] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3196] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3196] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3196] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3196] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3196] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3196] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3196] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3204] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3204] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3204] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3204] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3204] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3204] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3204] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3204] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Digital Media Reader\shwiconem.exe[3204] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3212] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3212] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3212] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3212] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3212] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3212] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3212] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3212] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3212] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3212] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[3212] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 7300 Series\ezprint.exe[3296] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00A85690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 7300 Series\ezprint.exe[3296] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A855C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 7300 Series\ezprint.exe[3296] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00A81860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 7300 Series\ezprint.exe[3296] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00A81230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 7300 Series\ezprint.exe[3296] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 00A813C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 7300 Series\ezprint.exe[3296] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ B6, 88 ]
.text C:\Program Files\Lexmark 7300 Series\ezprint.exe[3296] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00A85250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 7300 Series\ezprint.exe[3296] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 00A816D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 7300 Series\ezprint.exe[3296] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00A81550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 7300 Series\ezprint.exe[3296] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00A84F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 7300 Series\ezprint.exe[3296] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00A850E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3340] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3340] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3340] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3340] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3340] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3340] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3340] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3340] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3496] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3496] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3496] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3496] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3496] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3496] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\iTunes\iTunesHelper.exe[3496] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3496] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3496] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3496] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3496] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 003A5690 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B5000A
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003A55C0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003A1860 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 003A1230 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 003A13C0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 48, 88 ]
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003A5250 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003A16D0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] USER32.dll!keybd_event 7E466783 5 Bytes JMP 003A1550 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003A4F60 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\WksWP.exe[3556] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003A50E0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\gmer\gmer.exe[3692] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0037000A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\gmer\gmer.exe[3692] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009B55C0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\gmer\gmer.exe[3692] USER32.DLL!EndTask 7E45A0A5 5 Bytes JMP 009B5250 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\gmer\gmer.exe[3692] USER32.DLL!mouse_event 7E46673F 5 Bytes JMP 009B16D0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\gmer\gmer.exe[3692] USER32.DLL!keybd_event 7E466783 5 Bytes JMP 009B1550 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\gmer\gmer.exe[3692] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 009B1860 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\gmer\gmer.exe[3692] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 009B1230 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\gmer\gmer.exe[3692] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 009B13C0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\gmer\gmer.exe[3692] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ A9, 88 ]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\gmer\gmer.exe[3692] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 009B4F60 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\~AceTemp\gmer\gmer.exe[3692] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 009B50E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3708] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3708] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3708] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3708] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3708] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3708] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3708] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3708] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3708] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3708] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[3708] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[3848] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[3848] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A8000A
.text C:\WINDOWS\explorer.exe[3848] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[3848] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[3848] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[3848] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[3848] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\explorer.exe[3848] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[3848] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[3848] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[3848] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\explorer.exe[3848] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 00375690 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B3000A
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003755C0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00371860 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00371230 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 003713C0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 45, 88 ]
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00375250 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003716D0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00371550 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00374F60 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Microsoft Works\wkgdcach.exe[3860] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003750E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DNA\btdna.exe[3920] ntdll.dll!NtClose 7C90CFD0 5 Bytes JMP 10005690 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DNA\btdna.exe[3920] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 100055C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DNA\btdna.exe[3920] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DNA\btdna.exe[3920] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DNA\btdna.exe[3920] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DNA\btdna.exe[3920] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [ 0E, 98 ]
.text C:\Program Files\DNA\btdna.exe[3920] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10005250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DNA\btdna.exe[3920] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DNA\btdna.exe[3920] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DNA\btdna.exe[3920] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004F60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DNA\btdna.exe[3920] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8736E2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F751BC4C] spgg.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F751BCA0] spgg.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74EB040] spgg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74EB13C] spgg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74EB0BE] spgg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74EB7FC] spgg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74EB6D2] spgg.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8714C2D8
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7361710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7361770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7361990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7361950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7361950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7361770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7361710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7361990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7361990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F7361950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7361770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7361710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7361950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7361990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7361710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7361770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7361710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7361770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7361950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7361990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7361950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7361770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7361710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7361950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7361990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7361710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7361770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8736B1F8
Device \Driver\sptd \Device\2378369814 spgg.sys

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 871451F8
Device \Driver\usbuhci \Device\USBPDO-1 871451F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{264F0042-B050-4599-A6A7-6829FD6D6CE8} 86F9D1F8
Device \Driver\usbuhci \Device\USBPDO-2 871451F8
Device \Driver\usbehci \Device\USBPDO-3 870C31F8

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 873D91F8
Device \Driver\Cdrom \Device\CdRom0 87132500
Device \Driver\Cdrom \Device\CdRom1 87132500
Device \Driver\Cdrom \Device\CdRom2 87132500
Device \Driver\USBSTOR \Device\00000080 86E3D500
Device \Driver\Cdrom \Device\CdRom3 87132500
Device \Driver\USBSTOR \Device\00000081 86E3D500
Device \Driver\USBSTOR \Device\00000082 86E3D500
Device \Driver\USBSTOR \Device\00000083 86E3D500
Device \Driver\NetBT \Device\NetBt_Wins_Export 86F9D1F8
Device \Driver\sptd \Device\2378213564 spgg.sys
Device \Driver\NetBT \Device\NetbiosSmb 86F9D1F8
Device \Driver\PCI_PNP6064 \Device\0000005a spgg.sys
Device \Driver\PCI_PNP6064 \Device\0000005a spgg.sys
Device \Driver\PCI_PNP6064 \Device\0000005b spgg.sys
Device \Driver\PCI_PNP6064 \Device\0000005b spgg.sys

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Norton Internet Security Filter/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 871451F8
Device \Driver\usbuhci \Device\USBFDO-1 871451F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86F9C500
Device \Driver\usbuhci \Device\USBFDO-2 871451F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86F9C500
Device \Driver\USBSTOR \Device\0000007c 86E3D500
Device \Driver\usbehci \Device\USBFDO-3 870C31F8
Device \Driver\Ftdisk \Device\FtControl 873D91F8
Device \Driver\amr26zmt \Device\Scsi\amr26zmt1Port3Path0Target0Lun0 870D71F8
Device \Driver\amr26zmt \Device\Scsi\amr26zmt1 870D71F8
Device \Driver\aarrjt6k \Device\Scsi\aarrjt6k1 870CC1F8
Device \Driver\aarrjt6k \Device\Scsi\aarrjt6k1Port2Path0Target0Lun0 870CC1F8
Device \FileSystem\Cdfs \Cdfs 86E3E500

---- Modules - GMER 1.0.14 ----

Module \systemroot\system32\drivers\senekahbgdcfnp.sys (*** hidden *** ) EE2E1000-EE2FA000 (102400 bytes)

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\senekahbgdcfnp.sys (*** hidden *** ) [SYSTEM] seneka <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCF 0xCB 0x3F 0xD2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x05 0xEE 0x7A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7D 0xF6 0x6D 0x65 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x3A 0x35 0xD2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x7C 0xAC 0xF0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x22 0xE7 0x0F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0xFF 0xA6 0x2F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1C 0xD6 0xDB 0xFD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCF 0xCB 0x3F 0xD2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x05 0xEE 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7D 0xF6 0x6D 0x65 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x3A 0x35 0xD2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x7C 0xAC 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x22 0xE7 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0xFF 0xA6 0x2F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1C 0xD6 0xDB 0xFD ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCF 0xCB 0x3F 0xD2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x05 0xEE 0x7A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7D 0xF6 0x6D 0x65 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x3A 0x35 0xD2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x7C 0xAC 0xF0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x22 0xE7 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0xFF 0xA6 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1C 0xD6 0xDB 0xFD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCF 0xCB 0x3F 0xD2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x05 0xEE 0x7A ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7D 0xF6 0x6D 0x65 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x3A 0x35 0xD2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x7C 0xAC 0xF0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x22 0xE7 0x0F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0xFF 0xA6 0x2F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1C 0xD6 0xDB 0xFD ...
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqt.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSmtvd.dat
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSShrxx.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvkql.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSkhyp.log
Reg HKLM\SYSTEM\ControlSet004\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkai.log
Reg HKLM\SYSTEM\ControlSet005\Control\Session Manager@PendingFileRenameOperations [binary value; rendered as unreadable characters in the posted log]
Reg HKLM\SYSTEM\ControlSet005\Services\seneka
Reg HKLM\SYSTEM\ControlSet005\Services\seneka@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\seneka@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\seneka@imagepath \systemroot\system32\drivers\senekahbgdcfnp.sys
Reg HKLM\SYSTEM\ControlSet005\Services\seneka@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\seneka\modules
Reg HKLM\SYSTEM\ControlSet005\Services\seneka\modules@seneka.dll \systemroot\system32\senekaqpobuhyl.dll
Reg HKLM\SYSTEM\ControlSet005\Services\seneka\modules@seneka.sys \systemroot\system32\drivers\senekahbgdcfnp.sys
Reg HKLM\SYSTEM\ControlSet005\Services\seneka\modules@senekadf.dll \systemroot\system32\senekapjblrnvq.dll
Reg HKLM\SYSTEM\ControlSet005\Services\seneka\modules@senekawi.dll \systemroot\system32\senekaskcbayoy.dll
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCF 0xCB 0x3F 0xD2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x05 0xEE 0x7A ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7D 0xF6 0x6D 0x65 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x3A 0x35 0xD2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x7C 0xAC 0xF0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x22 0xE7 0x0F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0xFF 0xA6 0x2F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1C 0xD6 0xDB 0xFD ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCF 0xCB 0x3F 0xD2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x05 0xEE 0x7A ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7D 0xF6 0x6D 0x65 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x3A 0x35 0xD2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x7C 0xAC 0xF0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x22 0xE7 0x0F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0xFF 0xA6 0x2F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1C 0xD6 0xDB 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@imagepath \systemroot\system32\drivers\senekahbgdcfnp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules@seneka.dll \systemroot\system32\senekaqpobuhyl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules@seneka.sys \systemroot\system32\drivers\senekahbgdcfnp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules@senekadf.dll \systemroot\system32\senekapjblrnvq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules@senekawi.dll \systemroot\system32\senekaskcbayoy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\seneka\modules@seneka.dat \systemroot\system32\senekaibnyklbq.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCF 0xCB 0x3F 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x05 0xEE 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7D 0xF6 0x6D 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x3A 0x35 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x7C 0xAC 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x22 0xE7 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0xFF 0xA6 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1C 0xD6 0xDB 0xFD ...
Reg HKLM\SYSTEM\ControlSet008\Services\seneka
Reg HKLM\SYSTEM\ControlSet008\Services\seneka@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\seneka@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\seneka@imagepath \systemroot\system32\drivers\senekahbgdcfnp.sys
Reg HKLM\SYSTEM\ControlSet008\Services\seneka@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\seneka\modules
Reg HKLM\SYSTEM\ControlSet008\Services\seneka\modules@seneka.dll \systemroot\system32\senekaqpobuhyl.dll
Reg HKLM\SYSTEM\ControlSet008\Services\seneka\modules@seneka.sys \systemroot\system32\drivers\senekahbgdcfnp.sys
Reg HKLM\SYSTEM\ControlSet008\Services\seneka\modules@senekadf.dll \systemroot\system32\senekapjblrnvq.dll
Reg HKLM\SYSTEM\ControlSet008\Services\seneka\modules@senekawi.dll \systemroot\system32\senekaskcbayoy.dll
Reg HKLM\SYSTEM\ControlSet008\Services\seneka\modules@seneka.dat \systemroot\system32\senekaibnyklbq.dat
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xCF 0xCB 0x3F 0xD2 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x4B 0x05 0xEE 0x7A ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7D 0xF6 0x6D 0x65 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0x3A 0x35 0xD2 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0x7C 0xAC 0xF0 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0x22 0xE7 0x0F ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0xFF 0xA6 0x2F ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x1C 0xD6 0xDB 0xFD ...

---- EOF - GMER 1.0.14 ----
