System has just been Strange


  • This topic is locked
23 replies to this topic

#1 BNDAZ

  • Members
  • 286 posts

Posted 11 September 2009 - 04:01 AM

I run Avira antivirus daily, Malwarebytes, I use Comodo firewall and SnoopFree on XP Pro SP3 and use OpenDNS.

Not sure what may or may not be happening, but something just seems "off", little things, like my screen saver works for a day or two then stops; I change the number of minutes up one then back to where it was and it works again.
So I present my HJT and DDS logs (attached as well) to see what, if anything, someone may see that should be gone.
Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:48 AM, on 9/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir Desktop\sched.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
H:\Program Files\COMODO\Firewall\cfp.exe
H:\WINDOWS\SnoopFreeUI.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\Avira\AntiVir Desktop\avguard.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\COMODO\Firewall\cmdagent.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\IoctlSvc.exe
H:\WINDOWS\System32\SnoopFreeSvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\UTSCSI.EXE
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - H:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - H:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - H:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - H:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - H:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - H:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "H:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O8 - Extra context menu item: Append to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - H:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - H:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212893817679
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212893875304
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CADEE1F4-7A51-49B8-A6EF-53FB23C47BC4}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: H:\WINDOWS\system32\guard32.dll H:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CEMAVIUDUJPHPAVE - Sysinternals - www.sysinternals.com - H:\DOCUME~1\ACOMPU~1\LOCALS~1\Temp\CEMAVIUDUJPHPAVE.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - H:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - H:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - H:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - H:\WINDOWS\System32\SnoopFreeSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - H:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 11222 bytes



DDS (Ver_09-07-30.01) - NTFSx86
Run by A Computer at 13:23:19.89 on Fri 09/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.2753 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
H:\Program Files\COMODO\Firewall\cfp.exe
H:\WINDOWS\SnoopFreeUI.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Avira\AntiVir Desktop\avguard.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\COMODO\Firewall\cmdagent.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\IoctlSvc.exe
H:\WINDOWS\System32\SnoopFreeSvc.exe
H:\WINDOWS\system32\svchost.exe -k imgsvc
H:\WINDOWS\system32\UTSCSI.EXE
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\System32\svchost.exe -k HTTPFilter
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\Documents and Settings\A Computer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comodo.com/search/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - h:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - h:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - h:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - h:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - h:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - h:\program files\canon\easy-webprint\Toolband.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - h:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
mRun: [avgnt] "h:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE h:\windows\system32\NvCpl.dll,NvStartup
mRun: [COMODO Firewall Pro] "h:\program files\comodo\firewall\cfp.exe" -h
mRun: [SnoopFreeUI] SnoopFreeUI.exe
mRun: [NvMediaCenter] RUNDLL32.EXE h:\windows\system32\NvMcTray.dll,NvTaskbarInit
IE: Append to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - h:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - h:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - h:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - h:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - h:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - h:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - h:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - h:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212893817679
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212893875304
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {CADEE1F4-7A51-49B8-A6EF-53FB23C47BC4} = 208.67.222.222,208.67.220.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - h:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - h:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - h:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: h:\windows\system32\guard32.dll h:\windows\system32\cssdll32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - h:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - h:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - h:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - h:\docume~1\acompu~1\applic~1\mozilla\firefox\profiles\xevrfhgv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: h:\documents and settings\a computer\application data\mozilla\firefox\profiles\xevrfhgv.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: h:\documents and settings\a computer\application data\mozilla\firefox\profiles\xevrfhgv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: h:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: h:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: h:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
h:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
h:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
h:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
h:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
h:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
h:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
h:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
h:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SnoopFree;SnoopFree Driver;h:\windows\system32\drivers\SnopFree.sys [2009-7-13 9472]
R1 avgio;avgio;h:\program files\avira\antivir desktop\avgio.sys [2009-6-21 11608]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;h:\windows\system32\drivers\cmdguard.sys [2009-7-2 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;h:\windows\system32\drivers\cmdhlp.sys [2009-7-2 24208]
R1 SASDIFSV;SASDIFSV;h:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;h:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;h:\program files\avira\antivir desktop\sched.exe [2009-6-21 108289]
R2 AntiVirService;Avira AntiVir Guard;h:\program files\avira\antivir desktop\avguard.exe [2009-6-21 185089]
R2 avgntflt;avgntflt;h:\windows\system32\drivers\avgntflt.sys [2009-6-21 55656]
R2 cmdAgent;COMODO Firewall Pro Helper Service;h:\program files\comodo\firewall\cmdagent.exe [2009-7-2 519936]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
S2 LxrSII1d;Secure II Driver;\??\h:\windows\system32\drivers\lxrsii1d.sys --> h:\windows\system32\drivers\LxrSII1d.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;h:\windows\system32\drivers\Amps2prt.sys [2009-8-13 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;h:\windows\system32\drivers\BRGSp50.sys [2009-7-27 20608]
S3 BzSpIDer;BzSpIDer;\??\k:\opiron\bzspider.sys --> k:\opiron\BzSpIDer.sys [?]
S3 CEMAVIUDUJPHPAVE;CEMAVIUDUJPHPAVE;h:\docume~1\acompu~1\locals~1\temp\CEMAVIUDUJPHPAVE.exe [2009-8-2 420736]
S3 MUD;Driver for Magellan USB Device;h:\windows\system32\drivers\MUD.sys [2009-7-31 51200]
S3 SASENUM;SASENUM;h:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]

=============== Created Last 30 ================

2009-09-09 11:06 <DIR> --d----- H:\MagellanDrivers
2009-09-08 13:00 153,088 -c------ h:\windows\system32\dllcache\triedit.dll
2009-09-08 12:50 32,656 a------- h:\windows\system32\msonpmon.dll
2009-09-08 12:46 <DIR> --d----- h:\program files\Microsoft Visual Studio 8
2009-09-08 12:45 <DIR> --d----- h:\windows\SHELLNEW
2009-09-07 16:59 <DIR> --d----- h:\docume~1\acompu~1\applic~1\OpenOffice.org
2009-09-07 16:51 73,728 a------- h:\windows\system32\javacpl.cpl
2009-08-27 13:50 <DIR> --d----- h:\docume~1\acompu~1\applic~1\Office Genuine Advantage
2009-08-27 13:08 <DIR> --d----- h:\program files\Microsoft
2009-08-27 13:07 <DIR> --d----- h:\program files\Windows Live SkyDrive
2009-08-27 13:07 <DIR> --d----- h:\program files\Microsoft SQL Server Compact Edition
2009-08-27 12:53 <DIR> --d----- h:\program files\common files\Windows Live
2009-08-27 11:27 <DIR> --d----- h:\windows\NV20603296.TMP
2009-08-20 15:39 <DIR> --d----- h:\program files\TOPO! Explorer
2009-08-15 15:17 <DIR> --d----- h:\program files\GetData
2009-08-13 04:08 14,336 a------- h:\windows\system32\drivers\Amps2prt.sys
2009-08-13 04:08 13,824 a------- h:\windows\system32\drivers\Amusbprt.sys
2009-08-13 04:08 10,240 a------- h:\windows\system32\drivers\Arfumx86.sys
2009-08-13 04:08 8,704 a------- h:\windows\system32\drivers\Amfilter.sys

==================== Find3M ====================

2009-09-07 16:51 411,368 a------- h:\windows\system32\deploytk.dll
2009-08-05 03:28 55,656 a------- h:\windows\system32\drivers\avgntflt.sys
2009-08-05 02:01 204,800 a------- h:\windows\system32\mswebdvd.dll
2009-08-04 13:10 45,056 a------- h:\windows\system32\UTSCSI.EXE
2009-08-03 15:07 403,816 a------- h:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- h:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- h:\windows\system32\OGAEXEC.exe
2009-08-03 13:36 38,160 a------- h:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- h:\windows\system32\drivers\mbam.sys
2009-07-31 12:39 51,200 a------- h:\windows\system32\drivers\MUD.sys
2009-07-17 12:01 58,880 a------- h:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- h:\windows\system32\wmpdxm.dll
2009-07-13 02:35 221,184 a------- h:\windows\SnoopFreeUI.exe
2009-07-13 02:35 90,112 a------- h:\windows\system32\SnoopFreeSvc.exe
2009-07-13 02:35 45,056 a------- h:\windows\SnoopFreeDll.dll
2009-07-10 12:15 306,544 a------- h:\windows\WLXPGSS.SCR
2009-07-03 10:09 915,456 a------- h:\windows\system32\wininet.dll
2009-07-02 16:09 249,592 a------- h:\windows\system32\cssdll32.dll
2009-07-02 16:08 143,104 a------- h:\windows\system32\guard32.dll
2009-06-25 01:25 730,112 a------- h:\windows\system32\lsasrv.dll
2009-06-25 01:25 301,568 a------- h:\windows\system32\kerberos.dll
2009-06-25 01:25 147,456 a------- h:\windows\system32\schannel.dll
2009-06-25 01:25 136,192 a------- h:\windows\system32\msv1_0.dll
2009-06-25 01:25 56,832 a------- h:\windows\system32\secur32.dll
2009-06-25 01:25 54,272 a------- h:\windows\system32\wdigest.dll
2009-06-16 07:36 119,808 a------- h:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- h:\windows\system32\fontsub.dll
2008-12-21 02:10 8 a------- h:\docume~1\acompu~1\applic~1\usb.dat

============= FINISH: 13:24:01.64 ===============

Edited by BNDAZ, 11 September 2009 - 03:30 PM.
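As an added example (not part of the original post, and not code from the HijackThis or DDS tools), the script below parses the O23 lines of the HijackThis log and the SERVICES / DRIVERS lines of the DDS log posted above and lists the entries a responder would verify first: a service executable under a Temp directory, a random-looking all-caps name, an unqualified or unresolvable path, a location outside Windows and Program Files, or no company name in the version info. The sample lines are copied from the logs above; the heuristics, thresholds and function names are the editor's own assumptions, and a flag means "check this entry", not "this is malware" (the thread itself does not say what the Temp service is).

```python
"""Triage service entries from HijackThis (O23) and DDS (SERVICES / DRIVERS) logs.

Added example for this thread; the heuristics below are the editor's own
assumptions, not rules from HijackThis or DDS.
"""
import re
from dataclasses import dataclass

# Lines copied from the logs posted above: three HJT O23 lines, then three
# DDS "SERVICES / DRIVERS" lines.
SAMPLE_LOG = r"""
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: CEMAVIUDUJPHPAVE - Sysinternals - www.sysinternals.com - H:\DOCUME~1\ACOMPU~1\LOCALS~1\Temp\CEMAVIUDUJPHPAVE.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - H:\Program Files\COMODO\Firewall\cmdagent.exe
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
S3 BzSpIDer;BzSpIDer;\??\k:\opiron\bzspider.sys --> k:\opiron\BzSpIDer.sys [?]
S3 CEMAVIUDUJPHPAVE;CEMAVIUDUJPHPAVE;h:\docume~1\acompu~1\locals~1\temp\CEMAVIUDUJPHPAVE.exe [2009-8-2 420736]
"""


@dataclass
class ServiceEntry:
    source: str            # "hjt" or "dds"
    short_name: str        # service key name
    display_name: str
    owner: str             # company string (HJT only); "" for DDS
    path: str
    missing: bool = False  # DDS marks files it could not stat with "[?]"


def parse_hjt_o23(line: str):
    """'O23 - Service: <display> (<short>) - <company> - <path>'.
    The company field may itself contain ' - ', so take the path from the
    end and join whatever lies between display and path as the owner."""
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    parts = line[len(prefix):].split(" - ")
    if len(parts) < 3:
        return None
    display, path = parts[0], parts[-1]
    owner = " - ".join(parts[1:-1])
    m = re.search(r"\(([^()]+)\)$", display)
    short = m.group(1) if m else display
    return ServiceEntry("hjt", short, display, owner, path)


DDS_LINE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


def parse_dds_service(line: str):
    """'R2 short;Display Name;<path> [date size]' or '... <raw> --> <resolved> [?]'."""
    m = DDS_LINE.match(line)
    if not m:
        return None
    short, display, rest = m.group(2), m.group(3), m.group(4)
    missing = rest.rstrip().endswith("[?]")
    rest = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)   # drop trailing "[...]" metadata
    if " --> " in rest:
        rest = rest.rsplit(" --> ", 1)[1]           # keep the resolved path
    return ServiceEntry("dds", short, display, "", rest, missing)


TEMP_DIR = re.compile(r"[\\/](temp|tmp)[\\/]", re.I)
TRUSTED_ROOT = re.compile(r"^[a-z]:[\\/](windows|program files)[\\/]", re.I)
RANDOM_NAME = re.compile(r"^[A-Z]{12,}$")   # assumed threshold for "random-looking"


def assess(entry: ServiceEntry) -> list:
    """Return the list of reasons this entry deserves a closer look (empty if none)."""
    reasons = []
    path = entry.path
    stem = re.split(r"[\\/]", path)[-1].rsplit(".", 1)[0]
    if TEMP_DIR.search(path):
        reasons.append("executable lives in a Temp directory")
    if RANDOM_NAME.match(stem) or RANDOM_NAME.match(entry.short_name):
        reasons.append("random-looking all-caps name")
    if not re.match(r"^[a-z]:[\\/]", path, re.I):
        reasons.append("unqualified path; resolved against the system directory")
    elif not TRUSTED_ROOT.match(path):
        reasons.append("outside Windows and Program Files")
    if entry.missing:
        reasons.append("file not found when DDS ran ([?])")
    if entry.owner.lower() == "unknown owner":
        reasons.append("no company name in version info")
    return reasons


def triage(log_text: str) -> dict:
    """Map short service name -> reasons, merging HJT and DDS entries by name."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_hjt_o23(line) or parse_dds_service(line)
        if entry is None:
            continue
        for reason in assess(entry):
            merged = findings.setdefault(entry.short_name, [])
            if reason not in merged:
                merged.append(reason)
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it on the two logs pasted together and the Avira entry produces no output, while the Temp-hosted all-caps service, the relative SnoopFreeSvc path and the `k:\opiron` driver each come out with their reasons. "No company name" is deliberately the weakest signal, since legitimate services (the COMODO helper here) also report "Unknown owner". The HJT parser assumes the executable path itself never contains " - ".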


#2 thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 27 September 2009 - 08:30 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 BNDAZ

BNDAZ
  • Topic Starter

  • Members
  • 286 posts
  • Gender:Male
  • Local time:05:48 PM

Posted 27 September 2009 - 07:26 PM

Thank you for the reply. Though I am not experiencing specific issues per se, I have noticed some significant slowdowns in general, and I am concerned about something I may not have the experience to catch.
The logs are in and attached to my original post.

Edited by BNDAZ, 27 September 2009 - 07:27 PM.


#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:48 PM

Posted 30 September 2009 - 01:21 PM

Hello BNDAZ :( Welcome to the BC HijackThis Log and Analysis forum. Sorry about your wait, but I will be assisting you in cleaning up your system from here on out.


I ask that you refrain from running tools other than those we suggest while we are performing the clean-up. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.



The state of a computer can change rapidly so I will need updated DDS logs as well as the one below:
Only attach the attach.txt log, post the others in the reply window.


We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Thanks,



thewall
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper


Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#5 BNDAZ

BNDAZ
  • Topic Starter

  • Members
  • 286 posts
  • Gender:Male
  • Local time:05:48 PM

Posted 01 October 2009 - 04:55 AM

Thank you for your help:
DDS.txt file contents:

DDS (Ver_09-07-30.01) - NTFSx86
Run by A Computer at 15:40:51.12 on Wed 09/30/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.2658 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

H:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
H:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\COMODO\Firewall\cfp.exe
H:\WINDOWS\SnoopFreeUI.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\PROGRA~1\AVG\AVG8\avgtray.exe
svchost.exe
H:\Program Files\Eraser\eraser.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\Program Files\COMODO\Firewall\cmdagent.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
H:\PROGRA~1\AVG\AVG8\avgrsx.exe
H:\PROGRA~1\AVG\AVG8\avgnsx.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\IoctlSvc.exe
H:\WINDOWS\System32\SnoopFreeSvc.exe
H:\WINDOWS\system32\svchost.exe -k imgsvc
H:\WINDOWS\system32\UTSCSI.EXE
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\System32\svchost.exe -k HTTPFilter
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\Documents and Settings\A Computer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comodo.com/search/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - h:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - h:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - h:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - h:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - h:\program files\avg\avg8\avgssie.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - h:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - h:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - h:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - h:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - h:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - h:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - h:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - h:\program files\canon\easy-webprint\Toolband.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - h:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - h:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Eraser] h:\program files\eraser\eraser.exe -hide
mRun: [NvCplDaemon] RUNDLL32.EXE h:\windows\system32\NvCpl.dll,NvStartup
mRun: [COMODO Firewall Pro] "h:\program files\comodo\firewall\cfp.exe" -h
mRun: [SnoopFreeUI] SnoopFreeUI.exe
mRun: [NvMediaCenter] RUNDLL32.EXE h:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "h:\program files\quicktime\qttask.exe" -atboottime
mRun: [Application Layer Gateway] h:\program files\common files\alg.exe
mRun: [AVG8_TRAY] h:\progra~1\avg\avg8\avgtray.exe
IE: Append to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - h:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - h:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - h:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - h:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - h:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - h:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - h:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - h:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - h:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - h:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - h:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212893817679
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212893875304
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {CADEE1F4-7A51-49B8-A6EF-53FB23C47BC4} = 208.67.222.222,208.67.220.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - h:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - h:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - h:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - h:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: h:\windows\system32\guard32.dll h:\windows\system32\cssdll32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - h:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - h:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - h:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - h:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - h:\docume~1\acompu~1\applic~1\mozilla\firefox\profiles\xevrfhgv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: h:\documents and settings\a computer\application data\mozilla\firefox\profiles\xevrfhgv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: h:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: h:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: h:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: h:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: h:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: h:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: h:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: h:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - h:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
h:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
h:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
h:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
h:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
h:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
h:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
h:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
h:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
h:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
h:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
h:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
h:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SnoopFree;SnoopFree Driver;h:\windows\system32\drivers\SnopFree.sys [2009-7-13 9472]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [2009-9-23 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;h:\windows\system32\drivers\avgmfx86.sys [2009-9-23 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [2009-9-23 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;h:\windows\system32\drivers\cmdguard.sys [2009-7-2 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;h:\windows\system32\drivers\cmdhlp.sys [2009-7-2 24208]
R1 SASDIFSV;SASDIFSV;h:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;h:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 avg8wd;AVG Free8 WatchDog;h:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-23 297752]
R2 cmdAgent;COMODO Firewall Pro Helper Service;h:\program files\comodo\firewall\cmdagent.exe [2009-7-2 519936]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R3 SASENUM;SASENUM;h:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S2 LxrSII1d;Secure II Driver;\??\h:\windows\system32\drivers\lxrsii1d.sys --> h:\windows\system32\drivers\LxrSII1d.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;h:\windows\system32\drivers\Amps2prt.sys [2009-8-13 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;h:\windows\system32\drivers\BRGSp50.sys [2009-7-27 20608]
S3 BzSpIDer;BzSpIDer;\??\k:\opiron\bzspider.sys --> k:\opiron\BzSpIDer.sys [?]
S3 CEMAVIUDUJPHPAVE;CEMAVIUDUJPHPAVE;h:\docume~1\acompu~1\locals~1\temp\CEMAVIUDUJPHPAVE.exe [2009-8-2 420736]
S3 MUD;Driver for Magellan USB Device;h:\windows\system32\drivers\MUD.sys [2009-7-31 51200]

=============== Created Last 30 ================

2009-09-24 06:02 <DIR> --d-h--- H:\$AVG8.VAULT$
2009-09-23 15:58 108,552 a------- h:\windows\system32\drivers\avgtdix.sys
2009-09-23 15:58 11,952 a------- h:\windows\system32\avgrsstx.dll
2009-09-23 15:58 335,240 a------- h:\windows\system32\drivers\avgldx86.sys
2009-09-23 15:58 <DIR> --d----- h:\windows\system32\drivers\Avg
2009-09-23 15:58 <DIR> --d----- h:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-09-23 15:58 <DIR> --d----- h:\docume~1\alluse~1\applic~1\avg8
2009-09-23 15:39 <DIR> --d----- h:\docume~1\acompu~1\applic~1\AVG8
2009-09-23 14:39 <DIR> --d----- h:\windows\NOD32 Antivirus 4.0.467
2009-09-21 18:30 861,184 a------- h:\windows\system32\MyDefragScreenSaver.exe
2009-09-21 18:30 95,232 a------- h:\windows\system32\MyDefragScreenSaver.scr
2009-09-21 18:30 <DIR> --d----- h:\program files\MyDefrag v4.1.2
2009-09-09 11:06 <DIR> --d----- H:\MagellanDrivers
2009-09-08 13:00 153,088 -c------ h:\windows\system32\dllcache\triedit.dll
2009-09-08 12:50 32,656 a------- h:\windows\system32\msonpmon.dll
2009-09-08 12:46 <DIR> --d----- h:\program files\Microsoft Visual Studio 8
2009-09-08 12:45 <DIR> --d----- h:\windows\SHELLNEW
2009-09-08 00:47 33,205 a------- h:\program files\common files\alg.exe
2009-09-07 16:59 <DIR> --d----- h:\docume~1\acompu~1\applic~1\OpenOffice.org
2009-09-07 16:51 73,728 a------- h:\windows\system32\javacpl.cpl

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- h:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- h:\windows\system32\drivers\mbam.sys
2009-09-07 16:51 411,368 a------- h:\windows\system32\deploytk.dll
2009-08-05 03:28 55,656 a------- h:\windows\system32\drivers\avgntflt.sys
2009-08-05 02:01 204,800 a------- h:\windows\system32\mswebdvd.dll
2009-08-04 13:10 45,056 a------- h:\windows\system32\UTSCSI.EXE
2009-08-03 15:07 403,816 a------- h:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- h:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- h:\windows\system32\OGAEXEC.exe
2009-07-17 12:01 58,880 a------- h:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- h:\windows\system32\wmpdxm.dll
2009-07-13 02:35 221,184 a------- h:\windows\SnoopFreeUI.exe
2009-07-13 02:35 90,112 a------- h:\windows\system32\SnoopFreeSvc.exe
2009-07-13 02:35 45,056 a------- h:\windows\SnoopFreeDll.dll
2009-07-10 12:15 306,544 a------- h:\windows\WLXPGSS.SCR
2009-07-03 10:09 915,456 a------- h:\windows\system32\wininet.dll
2009-07-02 16:09 249,592 a------- h:\windows\system32\cssdll32.dll
2009-07-02 16:08 143,104 a------- h:\windows\system32\guard32.dll
2008-12-21 02:10 8 a------- h:\docume~1\acompu~1\applic~1\usb.dat

============= FINISH: 15:41:23.75 ===============


GMER LOG file contents


GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-01 02:51:59
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: H:\DOCUME~1\ACOMPU~1\LOCALS~1\Temp\ugtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB6646C8C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xB66463C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xB66468A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateKey [0xB664743C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xB6646080]
SSDT SnopFree.sys ZwCreateProcessEx [0xBA4BC9E4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xB6648084]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB6646E72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0xB6645C50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteKey [0xB66470B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteValueKey [0xB6647268]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xB6645B02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xB6647D24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xB6646AB0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenProcess [0xB6645822]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xB6646744]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenThread [0xB66459AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xB66477F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB6646196]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xB6647AE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xB6647EC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetValueKey [0xB6647602]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xB66465D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xB6646638]
SSDT \??\H:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB64EEF20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xB6645E18]

---- Kernel code sections - GMER 1.0.15 ----

? H:\WINDOWS\system32\drivers\SnopFree.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.15 ----

.text H:\WINDOWS\system32\SearchProtocolHost.exe[140] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchProtocolHost.exe[140] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchProtocolHost.exe[140] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchProtocolHost.exe[140] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchProtocolHost.exe[140] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchProtocolHost.exe[140] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchProtocolHost.exe[140] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchProtocolHost.exe[140] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchProtocolHost.exe[140] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\SearchProtocolHost.exe[140] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchProtocolHost.exe[140] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\SnoopFreeUI.exe[252] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00875060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\SnoopFreeUI.exe[252] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00874F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\SnoopFreeUI.exe[252] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00871860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\SnoopFreeUI.exe[252] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00871230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\SnoopFreeUI.exe[252] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 008713C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\SnoopFreeUI.exe[252] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [95, 88]
.text H:\WINDOWS\SnoopFreeUI.exe[252] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00874C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\SnoopFreeUI.exe[252] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 008716D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\SnoopFreeUI.exe[252] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00871550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\SnoopFreeUI.exe[252] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00874960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\SnoopFreeUI.exe[252] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00874AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\RUNDLL32.EXE[260] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\RUNDLL32.EXE[260] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\RUNDLL32.EXE[260] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\RUNDLL32.EXE[260] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\RUNDLL32.EXE[260] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\RUNDLL32.EXE[260] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\RUNDLL32.EXE[260] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\RUNDLL32.EXE[260] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\RUNDLL32.EXE[260] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\RUNDLL32.EXE[260] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\RUNDLL32.EXE[260] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[444] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[444] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[444] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[444] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[444] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[444] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[444] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[444] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[444] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\svchost.exe[444] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[444] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Eraser\eraser.exe[472] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 008B5060 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Eraser\eraser.exe[472] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008B4F90 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Eraser\eraser.exe[472] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 008B4C30 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Eraser\eraser.exe[472] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 008B16D0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Eraser\eraser.exe[472] USER32.dll!keybd_event 7E466783 5 Bytes JMP 008B1550 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Eraser\eraser.exe[472] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 008B1860 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Eraser\eraser.exe[472] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 008B1230 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Eraser\eraser.exe[472] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 008B13C0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Eraser\eraser.exe[472] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [99, 88]
.text H:\Program Files\Eraser\eraser.exe[472] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 008B4960 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Eraser\eraser.exe[472] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 008B4AD0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[528] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[528] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[528] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[528] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[528] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[528] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[528] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[528] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[528] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[528] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[528] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[576] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[576] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[576] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[576] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[576] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[576] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[576] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[576] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[576] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[576] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[576] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Bonjour\mDNSResponder.exe[612] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Bonjour\mDNSResponder.exe[612] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Bonjour\mDNSResponder.exe[612] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Bonjour\mDNSResponder.exe[612] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Bonjour\mDNSResponder.exe[612] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Bonjour\mDNSResponder.exe[612] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Bonjour\mDNSResponder.exe[612] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Bonjour\mDNSResponder.exe[612] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Bonjour\mDNSResponder.exe[612] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\Program Files\Bonjour\mDNSResponder.exe[612] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Bonjour\mDNSResponder.exe[612] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\COMODO\Firewall\cmdagent.exe[652] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\COMODO\Firewall\cmdagent.exe[652] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\COMODO\Firewall\cmdagent.exe[652] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\COMODO\Firewall\cmdagent.exe[652] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\COMODO\Firewall\cmdagent.exe[652] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\COMODO\Firewall\cmdagent.exe[652] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\COMODO\Firewall\cmdagent.exe[652] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\COMODO\Firewall\cmdagent.exe[652] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\COMODO\Firewall\cmdagent.exe[652] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\Program Files\COMODO\Firewall\cmdagent.exe[652] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\COMODO\Firewall\cmdagent.exe[652] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\winlogon.exe[796] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\winlogon.exe[796] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\winlogon.exe[796] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\winlogon.exe[796] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\winlogon.exe[796] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\winlogon.exe[796] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\winlogon.exe[796] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\winlogon.exe[796] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\winlogon.exe[796] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\winlogon.exe[796] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\winlogon.exe[796] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\services.exe[840] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\services.exe[840] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\services.exe[840] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\services.exe[840] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\services.exe[840] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\services.exe[840] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\services.exe[840] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\services.exe[840] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\services.exe[840] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\services.exe[840] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\services.exe[840] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\lsass.exe[852] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\lsass.exe[852] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\lsass.exe[852] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\lsass.exe[852] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\lsass.exe[852] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\lsass.exe[852] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\lsass.exe[852] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\lsass.exe[852] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\lsass.exe[852] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\lsass.exe[852] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\lsass.exe[852] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1028] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1028] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1028] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1028] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1028] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1028] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1028] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\svchost.exe[1028] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1028] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1092] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1092] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1092] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1092] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1092] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1092] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1092] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1092] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\svchost.exe[1092] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1092] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[1188] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[1188] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[1188] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[1188] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[1188] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[1188] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[1188] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\System32\svchost.exe[1188] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[1188] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1308] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1308] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1308] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1308] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1308] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1308] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1308] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\svchost.exe[1308] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1308] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1384] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1384] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1384] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1384] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1384] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1384] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1384] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1384] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\svchost.exe[1384] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[1384] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Java\jre6\bin\jqs.exe[1404] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Java\jre6\bin\jqs.exe[1404] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Java\jre6\bin\jqs.exe[1404] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Java\jre6\bin\jqs.exe[1404] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Java\jre6\bin\jqs.exe[1404] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Java\jre6\bin\jqs.exe[1404] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Java\jre6\bin\jqs.exe[1404] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Java\jre6\bin\jqs.exe[1404] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\Program Files\Java\jre6\bin\jqs.exe[1404] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Java\jre6\bin\jqs.exe[1404] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Java\jre6\bin\jqs.exe[1404] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\spoolsv.exe[1544] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\spoolsv.exe[1544] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\spoolsv.exe[1544] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\spoolsv.exe[1544] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\spoolsv.exe[1544] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\spoolsv.exe[1544] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\spoolsv.exe[1544] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\spoolsv.exe[1544] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\spoolsv.exe[1544] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\spoolsv.exe[1544] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\spoolsv.exe[1544] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1564] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1564] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1564] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1564] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1564] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1564] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1564] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1564] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1564] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1564] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1740] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1740] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1740] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1740] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1740] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1740] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1740] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1740] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1740] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[1740] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgnsx.exe[1776] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgnsx.exe[1776] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgnsx.exe[1776] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgnsx.exe[1776] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgnsx.exe[1776] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgnsx.exe[1776] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\PROGRA~1\AVG\AVG8\avgnsx.exe[1776] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgnsx.exe[1776] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgnsx.exe[1776] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgnsx.exe[1776] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\PROGRA~1\AVG\AVG8\avgnsx.exe[1776] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\Explorer.EXE[1932] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\Explorer.EXE[1932] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\Explorer.EXE[1932] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\Explorer.EXE[1932] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\Explorer.EXE[1932] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\Explorer.EXE[1932] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\Explorer.EXE[1932] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\Explorer.EXE[1932] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\Explorer.EXE[1932] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\Explorer.EXE[1932] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\Explorer.EXE[1932] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\IoctlSvc.exe[1948] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\IoctlSvc.exe[1948] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\IoctlSvc.exe[1948] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\IoctlSvc.exe[1948] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\IoctlSvc.exe[1948] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\IoctlSvc.exe[1948] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\IoctlSvc.exe[1948] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\IoctlSvc.exe[1948] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\IoctlSvc.exe[1948] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\IoctlSvc.exe[1948] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\IoctlSvc.exe[1948] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[2204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[2204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[2204] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[2204] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[2204] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[2204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[2204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[2204] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[2204] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\svchost.exe[2204] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\svchost.exe[2204] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C H:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\system32\SearchIndexer.exe[2548] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\alg.exe[3124] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\alg.exe[3124] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\alg.exe[3124] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\alg.exe[3124] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\alg.exe[3124] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\alg.exe[3124] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\alg.exe[3124] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\alg.exe[3124] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\alg.exe[3124] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\System32\alg.exe[3124] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\alg.exe[3124] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[3192] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007A5060 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[3192] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007A4F90 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[3192] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 007A1860 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[3192] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 007A1230 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[3192] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 007A13C0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[3192] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [88, 88]
.text H:\Program Files\Mozilla Firefox\firefox.exe[3192] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 007A4C30 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[3192] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 007A16D0 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[3192] USER32.dll!keybd_event 7E466783 5 Bytes JMP 007A1550 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[3192] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 007A4960 H:\WINDOWS\system32\guard32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[3192] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 007A4AD0 H:\WINDOWS\system32\guard32.dll
.text H:\Documents and Settings\A Computer\Desktop\gmer.exe[3520] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\Documents and Settings\A Computer\Desktop\gmer.exe[3520] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\Documents and Settings\A Computer\Desktop\gmer.exe[3520] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\Documents and Settings\A Computer\Desktop\gmer.exe[3520] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\Documents and Settings\A Computer\Desktop\gmer.exe[3520] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\Documents and Settings\A Computer\Desktop\gmer.exe[3520] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\Documents and Settings\A Computer\Desktop\gmer.exe[3520] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\Documents and Settings\A Computer\Desktop\gmer.exe[3520] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\Documents and Settings\A Computer\Desktop\gmer.exe[3520] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\Documents and Settings\A Computer\Desktop\gmer.exe[3520] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\Documents and Settings\A Computer\Desktop\gmer.exe[3520] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[3992] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[3992] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[3992] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[3992] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[3992] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[3992] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[3992] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[3992] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[3992] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text H:\WINDOWS\System32\svchost.exe[3992] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 H:\WINDOWS\system32\guard32.dll
.text H:\WINDOWS\System32\svchost.exe[3992] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 H:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9E24710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9E24770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E24990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9E24950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9E24950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9E24770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9E24710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E24990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E24990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9E24950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9E24770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9E24710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9E24950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9E24990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9E24710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9E24770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9E24710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E24770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9E24950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E24990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9E24950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9E24770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9E24710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B9E24710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B9E24770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E24990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B9E24950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9E24950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E24990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9E24710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9E24770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [005E2350] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [005E1DC0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [005E2390] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [005E22D0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [005E22D0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [005E1DC0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [005E22D0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [005E2390] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [005E1DC0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [005E1540] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [005E2390] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [005E22D0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [005E1DC0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [005E2350] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [005E2310] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [005E20B0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [005E1920] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [005E14F0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [005E19B0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [005E1F10] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [005E1580] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [005E21C0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [005E2230] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [005E2210] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [005E1FD0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [005E1770] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [005E17E0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [005E1660] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [005E1540] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [005E2390] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [005E2310] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [005E2350] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [005E22D0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [005E1DC0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [005E1920] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [005E19B0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [005E14F0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [005E1E50] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [005E1F10] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [005E1FD0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [005E17E0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [005E1880] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [005E1540] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [005E22D0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [005E1DC0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [005E2350] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [005E2310] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [005E1FD0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [005E14F0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [005E17E0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [005E1F10] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [005E19B0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [005E22D0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [005E1DC0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [005E2310] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [005E2350] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [005E1DC0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [005E2390] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [005E1DC0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [005E2390] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [005E1DC0] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [005E2290] H:\Program Files\COMODO\Firewall\cfp.exe
IAT H:\Program Files\COMODO\Firewall\cfp.exe[244] @ H:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [005E2420] H:\Program Files\COMODO\Firewall\cfp.exe

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Edited by thewall, 01 October 2009 - 11:34 AM.


#6 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:48 PM

Posted 01 October 2009 - 11:46 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 BNDAZ

BNDAZ
  • Topic Starter

  • Members
  • 286 posts
  • Gender:Male
  • Local time:05:48 PM

Posted 01 October 2009 - 02:59 PM

Ran ComboFix; it indicated the recovery console was not installed, tried to download it, and indicated that it failed. It continued the scan.
Result:
ComboFix 09-10-01.01 - A Computer 10/01/2009 12:40.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.2669 [GMT -7:00]
Running from: h:\documents and settings\A Computer\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\program files\Common Files\alg.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-01 to 2009-10-01 )))))))))))))))))))))))))))))))
.

2009-09-24 23:09 . 2009-09-24 23:09 199856 ----a-w- h:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-24 13:02 . 2009-10-01 13:04 -------- d-----w- H:\$AVG8.VAULT$
2009-09-23 23:00 . 2009-09-23 23:00 -------- d-----w- h:\documents and settings\A Computer\Local Settings\Application Data\AVG Security Toolbar
2009-09-23 22:58 . 2009-09-23 22:58 11952 ----a-w- h:\windows\system32\avgrsstx.dll
2009-09-23 22:58 . 2009-09-23 22:58 108552 ----a-w- h:\windows\system32\drivers\avgtdix.sys
2009-09-23 22:58 . 2009-09-23 22:58 335240 ----a-w- h:\windows\system32\drivers\avgldx86.sys
2009-09-23 22:58 . 2009-09-23 22:58 27784 ----a-w- h:\windows\system32\drivers\avgmfx86.sys
2009-09-23 22:58 . 2009-10-01 16:33 -------- d-----w- h:\windows\system32\drivers\Avg
2009-09-23 22:58 . 2009-09-24 23:06 -------- d-----w- h:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-23 22:58 . 2009-09-23 22:58 -------- d-----w- h:\documents and settings\All Users\Application Data\avg8
2009-09-23 22:39 . 2009-09-23 22:39 -------- d-----w- h:\documents and settings\A Computer\Application Data\AVG8
2009-09-23 21:39 . 2009-09-23 21:39 -------- d-----w- h:\windows\NOD32 Antivirus 4.0.467
2009-09-22 01:30 . 2009-09-25 21:17 -------- d-----w- h:\program files\MyDefrag v4.1.2
2009-09-22 01:30 . 2009-08-02 21:26 95232 ----a-w- h:\windows\system32\MyDefragScreenSaver.scr
2009-09-22 01:30 . 2009-08-02 21:26 861184 ----a-w- h:\windows\system32\MyDefragScreenSaver.exe
2009-09-09 21:56 . 2009-09-09 21:56 -------- d-----w- h:\documents and settings\A Computer\Application Data\CyberLink
2009-09-09 21:55 . 2009-09-09 21:55 -------- d-----w- h:\documents and settings\All Users\Application Data\CyberLink
2009-09-09 21:54 . 2009-09-09 21:55 -------- d-----w- h:\program files\CyberLink
2009-09-09 18:06 . 2009-09-09 18:06 -------- d-----w- H:\MagellanDrivers
2009-09-09 15:00 . 2009-09-09 15:00 -------- d-sh--w- h:\documents and settings\Default User\IETldCache
2009-09-08 20:00 . 2009-06-21 21:44 153088 -c----w- h:\windows\system32\dllcache\triedit.dll
2009-09-08 19:50 . 2008-11-10 18:41 32656 ----a-w- h:\windows\system32\msonpmon.dll
2009-09-08 19:46 . 2009-09-08 19:46 -------- d-----w- h:\program files\Microsoft Visual Studio 8
2009-09-08 19:45 . 2009-09-08 19:48 -------- d-----w- h:\windows\SHELLNEW
2009-09-08 19:45 . 2009-09-08 19:45 -------- d-----w- h:\documents and settings\A Computer\Local Settings\Application Data\Microsoft Help
2009-09-08 19:45 . 2009-09-13 15:03 -------- d-----w- h:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-08 18:14 . 2009-09-08 18:14 -------- d-----w- h:\program files\Microsoft.NET
2009-09-07 23:59 . 2009-09-07 23:59 -------- d-----w- h:\documents and settings\A Computer\Application Data\OpenOffice.org

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 19:44 . 2009-01-07 22:36 -------- d-----w- h:\program files\Eraser
2009-09-30 23:09 . 2008-12-18 23:06 -------- d-----w- h:\documents and settings\A Computer\Application Data\Canon
2009-09-30 11:03 . 2008-06-15 18:41 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2009-09-28 21:21 . 2008-06-23 22:38 -------- d-----w- h:\program files\The Logo Creator v5
2009-09-24 23:14 . 2008-06-08 02:23 75240 ----a-w- h:\documents and settings\A Computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 21:54 . 2008-07-24 20:24 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2008-06-15 18:41 19160 ----a-w- h:\windows\system32\drivers\mbam.sys
2009-09-09 21:54 . 2008-06-08 23:34 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-09-08 20:11 . 2008-06-08 19:36 -------- d-----w- h:\program files\Microsoft Silverlight
2009-09-08 20:03 . 2008-06-08 03:42 -------- d-----w- h:\program files\Microsoft Works
2009-09-08 19:49 . 2009-07-22 23:51 -------- d-----w- h:\program files\MSBuild
2009-09-07 23:51 . 2009-01-19 22:53 411368 ----a-w- h:\windows\system32\deploytk.dll
2009-09-07 22:51 . 2009-08-11 07:13 -------- d-----w- h:\program files\Full Tilt Poker
2009-08-27 20:50 . 2009-08-27 20:50 -------- d-----w- h:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-08-27 20:50 . 2009-08-27 20:50 -------- d-----w- h:\documents and settings\A Computer\Application Data\Office Genuine Advantage
2009-08-27 20:08 . 2009-08-27 20:07 -------- d-----w- h:\program files\Windows Live
2009-08-27 20:08 . 2009-08-27 20:08 -------- d-----w- h:\program files\Microsoft
2009-08-27 20:07 . 2009-08-27 20:07 -------- d-----w- h:\program files\Windows Live SkyDrive
2009-08-27 20:07 . 2009-08-27 20:07 -------- d-----w- h:\program files\Microsoft SQL Server Compact Edition
2009-08-27 19:53 . 2009-08-27 19:53 -------- d-----w- h:\program files\Common Files\Windows Live
2009-08-25 22:57 . 2009-03-05 23:06 -------- d-----w- h:\documents and settings\A Computer\Application Data\TeamViewer
2009-08-23 00:00 . 2008-06-16 01:33 -------- d-----w- h:\documents and settings\A Computer\Application Data\Apple Computer
2009-08-20 22:40 . 2009-08-20 22:39 -------- d-----w- h:\program files\TOPO! Explorer
2009-08-15 22:52 . 2009-01-19 02:46 -------- d-----w- h:\program files\Recuva
2009-08-15 22:17 . 2009-08-15 22:17 -------- d-----w- h:\program files\GetData
2009-08-11 07:36 . 2009-02-20 21:20 -------- d-----w- h:\program files\PokerStars
2009-08-10 21:07 . 2008-06-08 02:20 -------- d-----w- h:\program files\CCleaner
2009-08-08 21:39 . 2009-08-08 21:39 -------- d-----w- h:\program files\Replay AV 8
2009-08-05 10:28 . 2009-06-21 09:47 55656 ----a-w- h:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 07:56 204800 ----a-w- h:\windows\system32\mswebdvd.dll
2009-08-04 20:10 . 2009-08-04 20:10 45056 ----a-w- h:\windows\system32\UTSCSI.EXE
2009-08-03 22:07 . 2009-08-03 22:07 403816 ----a-w- h:\windows\system32\OGACheckControl.dll
2009-08-03 22:07 . 2009-08-03 22:07 322928 ----a-w- h:\windows\system32\OGAAddin.dll
2009-08-03 22:07 . 2009-08-03 22:07 230768 ----a-w- h:\windows\system32\OGAEXEC.exe
2009-07-31 19:39 . 2009-07-31 19:40 51200 ----a-w- h:\windows\system32\drivers\MUD.sys
2009-07-17 19:01 . 2004-08-04 07:56 58880 ----a-w- h:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 07:56 286208 ----a-w- h:\windows\system32\wmpdxm.dll
2009-07-13 09:35 . 2009-07-13 09:35 9472 ----a-w- h:\windows\system32\drivers\SnopFree.sys
2009-07-13 09:35 . 2009-07-13 09:35 90112 ----a-w- h:\windows\system32\SnoopFreeSvc.exe
2009-07-13 09:35 . 2009-07-13 09:35 45056 ----a-w- h:\windows\SnoopFreeDll.dll
2009-07-13 09:35 . 2009-07-13 09:35 221184 ----a-w- h:\windows\SnoopFreeUI.exe
2009-07-10 19:15 . 2009-07-10 19:15 306544 ----a-w- h:\windows\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "h:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-07-02 66912]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-07-02 23:09 66912 ----a-w- h:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 16:55 1090816 ----a-w- h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="h:\program files\Eraser\eraser.exe" [2009-01-07 487424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"COMODO Firewall Pro"="h:\program files\COMODO\Firewall\cfp.exe" [2009-07-02 1655552]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"AVG8_TRAY"="h:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-23 2007832]
"SnoopFreeUI"="SnoopFreeUI.exe" - h:\windows\SnoopFreeUI.exe [2009-07-13 221184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "h:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-23 22:58 11952 ----a-w- h:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"h:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"h:\\Program Files\\uTorrent\\uTorrent.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
"h:\\Program Files\\TOPO! Explorer\\te.exe"=
"h:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"h:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"h:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"h:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [9/23/2009 3:58 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [9/23/2009 3:58 PM 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;h:\windows\system32\drivers\cmdguard.sys [7/2/2009 4:08 PM 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;h:\windows\system32\drivers\cmdhlp.sys [7/2/2009 4:08 PM 24208]
R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 10:33 AM 8944]
R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 55024]
R2 avg8wd;AVG Free8 WatchDog;h:\progra~1\AVG\AVG8\avgwdsvc.exe [9/23/2009 3:58 PM 297752]
S2 LxrSII1d;Secure II Driver;\??\h:\windows\system32\Drivers\LxrSII1d.sys --> h:\windows\system32\Drivers\LxrSII1d.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;h:\windows\system32\drivers\Amps2prt.sys [8/13/2009 4:08 AM 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;h:\windows\system32\drivers\BRGSp50.sys [7/27/2009 1:17 PM 20608]
S3 BzSpIDer;BzSpIDer;\??\k:\opiron\BzSpIDer.sys --> k:\opiron\BzSpIDer.sys [?]
S3 CEMAVIUDUJPHPAVE;CEMAVIUDUJPHPAVE;h:\docume~1\ACOMPU~1\LOCALS~1\Temp\CEMAVIUDUJPHPAVE.exe --> h:\docume~1\ACOMPU~1\LOCALS~1\Temp\CEMAVIUDUJPHPAVE.exe [?]
S3 MUD;Driver for Magellan USB Device;h:\windows\system32\drivers\MUD.sys [7/31/2009 12:40 PM 51200]
S3 SASENUM;SASENUM;h:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"h:\windows\system32\rundll32.exe" "h:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-10-01 h:\windows\Tasks\OGALogon.job
- h:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: {CADEE1F4-7A51-49B8-A6EF-53FB23C47BC4} = 208.67.222.222,208.67.220.220
FF - ProfilePath - h:\documents and settings\A Computer\Application Data\Mozilla\Firefox\Profiles\xevrfhgv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: h:\documents and settings\A Computer\Application Data\Mozilla\Firefox\Profiles\xevrfhgv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: h:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: h:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: h:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: h:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: h:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: h:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
Notify-!SASWinLogon - h:\program files\SUPERAntiSpyware\SASWINLO.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-01 12:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2552)
h:\windows\system32\WININET.dll
h:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
h:\windows\system32\ieframe.dll
h:\windows\system32\webcheck.dll
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
h:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
h:\program files\Bonjour\mDNSResponder.exe
h:\program files\COMODO\Firewall\cmdagent.exe
h:\program files\Java\jre6\bin\jqs.exe
h:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
h:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
h:\windows\system32\nvsvc32.exe
h:\windows\system32\IoctlSvc.exe
h:\windows\system32\SnoopFreeSvc.exe
h:\program files\AVG\AVG8\avgrsx.exe
h:\progra~1\AVG\AVG8\avgnsx.exe
h:\windows\system32\UTSCSI.EXE
h:\windows\system32\searchindexer.exe
h:\windows\system32\rundll32.exe
h:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-01 12:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-01 19:48

Pre-Run: 228,451,676,160 bytes free
Post-Run: 229,937,631,232 bytes free

243 --- E O F --- 2009-09-25 15:00
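
The driver/service table and the firewall-policy key in the log above are the lines a responder reads first. As an added example (editorial code, not ComboFix's output format code and not any poster's), the Python below applies a few triage heuristics to lines copied from that log: a service image living under a Temp directory, a path ComboFix printed with a trailing `[?]` (no size or date available for the file), a service whose internal and display names are the same long run of capital letters, and the standard-profile `EnableFirewall` value set to 0. The reason labels, the 12-letter threshold and the sort order are the editor's assumptions; a flag is a prompt to look closer, not a verdict, and the firewall entry in particular may simply reflect the third-party COMODO firewall the same log lists as enabled.

```python
import re

# Constructed sample input: a handful of lines copied from the ComboFix log
# posted in this thread (firewall policy key plus part of the driver/service table).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;h:\windows\system32\drivers\cmdguard.sys [7/2/2009 4:08 PM 87056]
S2 LxrSII1d;Secure II Driver;\??\h:\windows\system32\Drivers\LxrSII1d.sys --> h:\windows\system32\Drivers\LxrSII1d.sys [?]
S3 BzSpIDer;BzSpIDer;\??\k:\opiron\BzSpIDer.sys --> k:\opiron\BzSpIDer.sys [?]
S3 CEMAVIUDUJPHPAVE;CEMAVIUDUJPHPAVE;h:\docume~1\ACOMPU~1\LOCALS~1\Temp\CEMAVIUDUJPHPAVE.exe --> h:\docume~1\ACOMPU~1\LOCALS~1\Temp\CEMAVIUDUJPHPAVE.exe [?]
S3 MUD;Driver for Magellan USB Device;h:\windows\system32\drivers\MUD.sys [7/31/2009 12:40 PM 51200]
"""

# Service lines look like "R1 name;display name;path [date size]" or
# "S3 name;display name;\??\path --> path [?]" in this log.
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Editor's heuristic (assumption): a service whose internal and display names are the
# same run of 12+ capital letters looks machine-generated rather than vendor-named.
RANDOM_NAME_RE = re.compile(r"^[A-Z]{12,}$")


def parse_service(line):
    """Split one driver/service line into start type, name, display name and path."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    kind, start, name, display, rest = m.groups()
    # Keep the resolved path when ComboFix prints "\??\<path> --> <path>".
    path = rest.split("-->")[-1].strip()
    return {"start": f"{kind}{start}", "name": name, "display": display, "path": path}


def service_reasons(svc):
    """Return the list of heuristic labels that fire for one parsed service."""
    reasons = []
    if TEMP_DIR_RE.search(svc["path"]):
        reasons.append("image-in-temp-dir")
    if svc["path"].endswith("[?]"):
        reasons.append("file-info-unavailable")  # ComboFix printed no size/date
    if svc["name"] == svc["display"] and RANDOM_NAME_RE.match(svc["name"]):
        reasons.append("random-looking-name")
    return reasons


def triage(log_text):
    """Return findings as dicts (name, reasons, line), most-flagged entries first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if FIREWALL_OFF_RE.match(line):
            findings.append({"name": "EnableFirewall",
                             "reasons": ["windows-firewall-disabled"], "line": line})
            continue
        svc = parse_service(line)
        if svc is None:
            continue
        reasons = service_reasons(svc)
        if reasons:
            findings.append({"name": svc["name"], "reasons": reasons, "line": line})
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']:20} {', '.join(f['reasons'])}")
```

Run against the sample, the Temp-resident service collects all three service heuristics and sorts to the top, the two `[?]` drivers and the firewall value each collect one, and the vendor drivers with a readable size and date are not listed at all. The `[?]` flag deliberately stays separate from the Temp-directory flag: a driver whose file is simply absent (a device that is not plugged in, an uninstalled product) is a different question from an executable that runs from a user's Temp folder.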

#8 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:48 PM

Posted 01 October 2009 - 08:16 PM

We need to see if you can get the Recovery Console installed.


With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 package.

#9 BNDAZ

BNDAZ
  • Topic Starter

  • Members
  • 286 posts
  • Gender:Male
  • Local time:05:48 PM

Posted 02 October 2009 - 05:49 AM

I have downloaded the appropriate file to my desktop.

#10 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:48 PM

Posted 02 October 2009 - 09:06 AM

OK that's good, now run ComboFix one more time.

#11 BNDAZ

BNDAZ
  • Topic Starter

  • Members
  • 286 posts
  • Gender:Male
  • Local time:05:48 PM

Posted 02 October 2009 - 02:14 PM

Do I need to run the download myself? I ran ComboFix again; it indicated that the Recovery Console wasn't installed, tried to download it again, failed, and scanned again, with the same result in the place that indicated the Recovery Console is not installed.
I use Mozilla Firefox, and after running ComboFix the default browser is changed back to IE, which failed to load both times.

Edited by BNDAZ, 02 October 2009 - 02:25 PM.


#12 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:48 PM

Posted 02 October 2009 - 04:51 PM

Sorry, that was my fault. Please follow the instructions below:


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click 'Yes' to run the full ComboFix scan.
  • When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.

#13 BNDAZ

BNDAZ
  • Topic Starter

  • Members
  • 286 posts
  • Gender:Male
  • Local time:05:48 PM

Posted 02 October 2009 - 05:32 PM

OK, Recovery Console installed fine.
Again, the default browser was changed...?

Result:
ComboFix 09-10-01.01 - A Computer 10/02/2009 15:05.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3323.2569 [GMT -7:00]
Running from: h:\documents and settings\A Computer\Desktop\ComboFix.exe
Command switches used :: h:\documents and settings\A Computer\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
.

2009-09-24 23:09 . 2009-09-24 23:09 199856 ----a-w- h:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-09-24 13:02 . 2009-10-02 13:02 -------- d-----w- H:\$AVG8.VAULT$
2009-09-23 23:00 . 2009-09-23 23:00 -------- d-----w- h:\documents and settings\A Computer\Local Settings\Application Data\AVG Security Toolbar
2009-09-23 22:58 . 2009-09-23 22:58 11952 ----a-w- h:\windows\system32\avgrsstx.dll
2009-09-23 22:58 . 2009-09-23 22:58 108552 ----a-w- h:\windows\system32\drivers\avgtdix.sys
2009-09-23 22:58 . 2009-09-23 22:58 335240 ----a-w- h:\windows\system32\drivers\avgldx86.sys
2009-09-23 22:58 . 2009-09-23 22:58 27784 ----a-w- h:\windows\system32\drivers\avgmfx86.sys
2009-09-23 22:58 . 2009-10-02 16:05 -------- d-----w- h:\windows\system32\drivers\Avg
2009-09-23 22:58 . 2009-09-24 23:06 -------- d-----w- h:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-23 22:58 . 2009-09-23 22:58 -------- d-----w- h:\documents and settings\All Users\Application Data\avg8
2009-09-23 22:39 . 2009-09-23 22:39 -------- d-----w- h:\documents and settings\A Computer\Application Data\AVG8
2009-09-23 21:39 . 2009-09-23 21:39 -------- d-----w- h:\windows\NOD32 Antivirus 4.0.467
2009-09-22 01:30 . 2009-09-25 21:17 -------- d-----w- h:\program files\MyDefrag v4.1.2
2009-09-22 01:30 . 2009-08-02 21:26 95232 ----a-w- h:\windows\system32\MyDefragScreenSaver.scr
2009-09-22 01:30 . 2009-08-02 21:26 861184 ----a-w- h:\windows\system32\MyDefragScreenSaver.exe
2009-09-09 21:56 . 2009-09-09 21:56 -------- d-----w- h:\documents and settings\A Computer\Application Data\CyberLink
2009-09-09 21:55 . 2009-09-09 21:55 -------- d-----w- h:\documents and settings\All Users\Application Data\CyberLink
2009-09-09 21:54 . 2009-09-09 21:55 -------- d-----w- h:\program files\CyberLink
2009-09-09 18:06 . 2009-09-09 18:06 -------- d-----w- H:\MagellanDrivers
2009-09-09 15:00 . 2009-09-09 15:00 -------- d-sh--w- h:\documents and settings\Default User\IETldCache
2009-09-08 20:00 . 2009-06-21 21:44 153088 -c----w- h:\windows\system32\dllcache\triedit.dll
2009-09-08 19:50 . 2008-11-10 18:41 32656 ----a-w- h:\windows\system32\msonpmon.dll
2009-09-08 19:46 . 2009-09-08 19:46 -------- d-----w- h:\program files\Microsoft Visual Studio 8
2009-09-08 19:45 . 2009-09-08 19:48 -------- d-----w- h:\windows\SHELLNEW
2009-09-08 19:45 . 2009-09-08 19:45 -------- d-----w- h:\documents and settings\A Computer\Local Settings\Application Data\Microsoft Help
2009-09-08 19:45 . 2009-09-13 15:03 -------- d-----w- h:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-08 18:14 . 2009-09-08 18:14 -------- d-----w- h:\program files\Microsoft.NET
2009-09-07 23:59 . 2009-09-07 23:59 -------- d-----w- h:\documents and settings\A Computer\Application Data\OpenOffice.org

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 19:44 . 2009-01-07 22:36 -------- d-----w- h:\program files\Eraser
2009-09-30 23:09 . 2008-12-18 23:06 -------- d-----w- h:\documents and settings\A Computer\Application Data\Canon
2009-09-30 11:03 . 2008-06-15 18:41 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2009-09-28 21:21 . 2008-06-23 22:38 -------- d-----w- h:\program files\The Logo Creator v5
2009-09-24 23:14 . 2008-06-08 02:23 75240 ----a-w- h:\documents and settings\A Computer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 21:54 . 2008-07-24 20:24 38224 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2008-06-15 18:41 19160 ----a-w- h:\windows\system32\drivers\mbam.sys
2009-09-09 21:54 . 2008-06-08 23:34 -------- d--h--w- h:\program files\InstallShield Installation Information
2009-09-08 20:11 . 2008-06-08 19:36 -------- d-----w- h:\program files\Microsoft Silverlight
2009-09-08 20:03 . 2008-06-08 03:42 -------- d-----w- h:\program files\Microsoft Works
2009-09-08 19:49 . 2009-07-22 23:51 -------- d-----w- h:\program files\MSBuild
2009-09-07 23:51 . 2009-01-19 22:53 411368 ----a-w- h:\windows\system32\deploytk.dll
2009-09-07 22:51 . 2009-08-11 07:13 -------- d-----w- h:\program files\Full Tilt Poker
2009-08-27 20:50 . 2009-08-27 20:50 -------- d-----w- h:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-08-27 20:50 . 2009-08-27 20:50 -------- d-----w- h:\documents and settings\A Computer\Application Data\Office Genuine Advantage
2009-08-27 20:08 . 2009-08-27 20:07 -------- d-----w- h:\program files\Windows Live
2009-08-27 20:08 . 2009-08-27 20:08 -------- d-----w- h:\program files\Microsoft
2009-08-27 20:07 . 2009-08-27 20:07 -------- d-----w- h:\program files\Windows Live SkyDrive
2009-08-27 20:07 . 2009-08-27 20:07 -------- d-----w- h:\program files\Microsoft SQL Server Compact Edition
2009-08-27 19:53 . 2009-08-27 19:53 -------- d-----w- h:\program files\Common Files\Windows Live
2009-08-25 22:57 . 2009-03-05 23:06 -------- d-----w- h:\documents and settings\A Computer\Application Data\TeamViewer
2009-08-23 00:00 . 2008-06-16 01:33 -------- d-----w- h:\documents and settings\A Computer\Application Data\Apple Computer
2009-08-20 22:40 . 2009-08-20 22:39 -------- d-----w- h:\program files\TOPO! Explorer
2009-08-15 22:52 . 2009-01-19 02:46 -------- d-----w- h:\program files\Recuva
2009-08-15 22:17 . 2009-08-15 22:17 -------- d-----w- h:\program files\GetData
2009-08-11 07:36 . 2009-02-20 21:20 -------- d-----w- h:\program files\PokerStars
2009-08-10 21:07 . 2008-06-08 02:20 -------- d-----w- h:\program files\CCleaner
2009-08-08 21:39 . 2009-08-08 21:39 -------- d-----w- h:\program files\Replay AV 8
2009-08-05 10:28 . 2009-06-21 09:47 55656 ----a-w- h:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 07:56 204800 ----a-w- h:\windows\system32\mswebdvd.dll
2009-08-04 20:10 . 2009-08-04 20:10 45056 ----a-w- h:\windows\system32\UTSCSI.EXE
2009-08-03 22:07 . 2009-08-03 22:07 403816 ----a-w- h:\windows\system32\OGACheckControl.dll
2009-08-03 22:07 . 2009-08-03 22:07 322928 ----a-w- h:\windows\system32\OGAAddin.dll
2009-08-03 22:07 . 2009-08-03 22:07 230768 ----a-w- h:\windows\system32\OGAEXEC.exe
2009-07-31 19:39 . 2009-07-31 19:40 51200 ----a-w- h:\windows\system32\drivers\MUD.sys
2009-07-17 19:01 . 2004-08-04 07:56 58880 ----a-w- h:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 07:56 286208 ----a-w- h:\windows\system32\wmpdxm.dll
2009-07-13 09:35 . 2009-07-13 09:35 9472 ----a-w- h:\windows\system32\drivers\SnopFree.sys
2009-07-13 09:35 . 2009-07-13 09:35 90112 ----a-w- h:\windows\system32\SnoopFreeSvc.exe
2009-07-13 09:35 . 2009-07-13 09:35 45056 ----a-w- h:\windows\SnoopFreeDll.dll
2009-07-13 09:35 . 2009-07-13 09:35 221184 ----a-w- h:\windows\SnoopFreeUI.exe
2009-07-10 19:15 . 2009-07-10 19:15 306544 ----a-w- h:\windows\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "h:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-07-02 66912]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-07-02 23:09 66912 ----a-w- h:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 16:55 1090816 ----a-w- h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "h:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="h:\program files\Eraser\eraser.exe" [2009-01-07 487424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2009-03-28 13684736]
"COMODO Firewall Pro"="h:\program files\COMODO\Firewall\cfp.exe" [2009-07-02 1655552]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2009-03-28 86016]
"QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"AVG8_TRAY"="h:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-23 2007832]
"SnoopFreeUI"="SnoopFreeUI.exe" - h:\windows\SnoopFreeUI.exe [2009-07-13 221184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "h:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-23 22:58 11952 ----a-w- h:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"h:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"h:\\Program Files\\uTorrent\\uTorrent.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
"h:\\Program Files\\TOPO! Explorer\\te.exe"=
"h:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"h:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"h:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"h:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;h:\windows\system32\drivers\avgldx86.sys [9/23/2009 3:58 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;h:\windows\system32\drivers\avgtdix.sys [9/23/2009 3:58 PM 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;h:\windows\system32\drivers\cmdguard.sys [7/2/2009 4:08 PM 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;h:\windows\system32\drivers\cmdhlp.sys [7/2/2009 4:08 PM 24208]
R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 10:33 AM 8944]
R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 55024]
R2 avg8wd;AVG Free8 WatchDog;h:\progra~1\AVG\AVG8\avgwdsvc.exe [9/23/2009 3:58 PM 297752]
S2 LxrSII1d;Secure II Driver;\??\h:\windows\system32\Drivers\LxrSII1d.sys --> h:\windows\system32\Drivers\LxrSII1d.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;h:\windows\system32\drivers\Amps2prt.sys [8/13/2009 4:08 AM 14336]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;h:\windows\system32\drivers\BRGSp50.sys [7/27/2009 1:17 PM 20608]
S3 BzSpIDer;BzSpIDer;\??\k:\opiron\BzSpIDer.sys --> k:\opiron\BzSpIDer.sys [?]
S3 CEMAVIUDUJPHPAVE;CEMAVIUDUJPHPAVE;h:\docume~1\ACOMPU~1\LOCALS~1\Temp\CEMAVIUDUJPHPAVE.exe --> h:\docume~1\ACOMPU~1\LOCALS~1\Temp\CEMAVIUDUJPHPAVE.exe [?]
S3 MUD;Driver for Magellan USB Device;h:\windows\system32\drivers\MUD.sys [7/31/2009 12:40 PM 51200]
S3 SASENUM;SASENUM;h:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"h:\windows\system32\rundll32.exe" "h:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-10-01 h:\windows\Tasks\OGALogon.job
- h:\windows\system32\OGAEXEC.exe [2009-08-03 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: {CADEE1F4-7A51-49B8-A6EF-53FB23C47BC4} = 208.67.222.222,208.67.220.220
FF - ProfilePath - h:\documents and settings\A Computer\Application Data\Mozilla\Firefox\Profiles\xevrfhgv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: h:\documents and settings\A Computer\Application Data\Mozilla\Firefox\Profiles\xevrfhgv.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: h:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: h:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: h:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: h:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: h:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: h:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: h:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-02 15:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3084)
h:\windows\system32\WININET.dll
h:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
h:\windows\system32\ieframe.dll
h:\windows\system32\webcheck.dll
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-02 15:09
ComboFix-quarantined-files.txt 2009-10-02 22:09
ComboFix2.txt 2009-10-02 19:07
ComboFix3.txt 2009-10-01 19:48

Pre-Run: 229,951,238,144 bytes free
Post-Run: 229,977,886,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

227 --- E O F --- 2009-09-25 15:00

#14 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 02 October 2009 - 05:46 PM

nm

Edited by thewall, 02 October 2009 - 05:47 PM.

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper


Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#15 BNDAZ

BNDAZ
  • Topic Starter

  • Members
  • 286 posts
  • Gender:Male

Posted 02 October 2009 - 05:53 PM

nm?
Should I know what that means :(
No Malware, perhaps?

Edited by BNDAZ, 02 October 2009 - 05:53 PM.
