Google Results Re-Director


  • This topic is locked
24 replies to this topic

#1 siriusfire


Posted 26 March 2010 - 02:31 PM

I appear to have picked up some Malware that when using Firefox browser, does the classic re-direction of google results to other search engines (including ASK and others) and also to some infected site pages.

While re-directing to a new site it gives a favicon like this in the address bar:

I have Comodo Firewall, Avira AV and Scotty all installed on my system - also Malwarebytes Anti-Malware and Spybot Search and Destroy don't appear to have shifted this one - unless of course I have done something wrong in the order of removal!


I've also included a Hi-Jack-This Log if that's of any use

DDS Log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by James at 19:16:11.75 on 26/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.374 [GMT 0:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\Program Files\Comodo\Firewall\cmdagent.exe
E:\WINDOWS\system32\svchost.exe -k netsvcs
E:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
E:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
E:\Program Files\a-squared Free\a2service.exe
E:\Program Files\Avira\AntiVir Desktop\avguard.exe
E:\Program Files\Comodo\CBOClean\BOCORE.exe
E:\WINDOWS\System32\CTsvcCDA.exe
E:\Program Files\CyberLink\Shared files\RichVideo.exe
E:\WINDOWS\system32\slserv.exe
E:\WINDOWS\System32\svchost.exe -k imgsvc
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\CTHELPER.EXE
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\PROGRA~1\Comodo\CBOClean\BOC427.exe
E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
E:\Program Files\Comodo\Firewall\cfp.exe
E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Microsoft ActiveSync\wcescomm.exe
E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
E:\PROGRA~1\MICROS~3\rapimgr.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
E:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\dds.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comodo.com/search/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = socks=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - e:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - e:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - e:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - e:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\googletoolbar2.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] e:\windows\system32\ctfmon.exe
uRun: [swg] "e:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RemoteCenter] e:\program files\creative\mediasource\remotecontrol\RcMan.exe
uRun: [H/PC Connection Agent] "e:\program files\microsoft activesync\wcescomm.exe"
uRun: [PC Suite Tray] "e:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [UpdReg] e:\windows\UpdReg.EXE
mRun: [CTStartup] "e:\program files\creative\splash screen\CTEaxSpl.EXE" /run
mRun: [ATIPTA] "e:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [IntelliPoint] "e:\program files\microsoft intellipoint\point32.exe"
mRun: [BOC-427] e:\progra~1\comodo\cboclean\BOC427.exe
mRun: [WinPatrol] e:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [COMODO Firewall Pro] "e:\program files\comodo\firewall\cfp.exe" -h
mRun: [CTSysVol] e:\program files\creative\sbaudigy2\surround mixer\CTSysVol.exe
mRun: [CTDVDDet] e:\program files\creative\sbaudigy2\dvdaudio\CTDVDDet.EXE
mRun: [COMODO Internet Security] "e:\program files\comodo\firewall\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.0 - g:\program files\nuance\cnvres_eng.dll /100
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - e:\progra~1\micros~3\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://e:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://info.cityjet.com/dwa7W.cab
TCP: {58088A50-3CBA-445F-B424-5EADC63DC578} = 158.152.1.58,158.152.1.43
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: e:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\james~1.jam\applic~1\mozilla\firefox\profiles\bzcve9bl.default\
FF - plugin: e:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: e:\program files\virtools\3d life player\nppl3260.dll
FF - plugin: e:\program files\virtools\3d life player\nprpjplug.dll
FF - plugin: e:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: e:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;e:\program files\avira\antivir desktop\avgio.sys [2009-7-17 11608]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;e:\windows\system32\drivers\cmdguard.sys [2008-10-6 134344]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;e:\windows\system32\drivers\cmdhlp.sys [2008-10-6 25160]
R2 a2free;a-squared Free Service;e:\program files\a-squared free\a2service.exe [2008-10-6 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\avira\antivir desktop\sched.exe [2009-7-17 108289]
R2 AntiVirService;Avira AntiVir Guard;e:\program files\avira\antivir desktop\avguard.exe [2009-7-17 185089]
R2 avgntflt;avgntflt;e:\windows\system32\drivers\avgntflt.sys [2009-7-17 56816]
R2 BOCore;BOCore;e:\program files\comodo\cboclean\BOCore.exe [2008-10-6 73464]
R2 cmdAgent;COMODO Internet Security Helper Service;e:\program files\comodo\firewall\cmdagent.exe [2008-10-6 723632]
R2 HPFECP13;HPFECP13;e:\windows\system32\drivers\HPFecp13.sys [2008-5-23 52800]
R3 ctgame;Game Port;e:\windows\system32\drivers\ctgame.sys [2002-12-30 12160]
R3 DivioUSBDCam;CMOS 330K Rev. 2.19F;e:\windows\system32\drivers\pcam.sys [2000-10-20 178848]
S4 PDFProFiltSrv;PDFProFiltSrv;g:\program files\nuance\PDFProFiltSrv.exe [2008-2-2 144672]
S4 Zope_-1670881038;Zope instance at e:\program files\plone\parts\instance;e:\program files\plone\python\pythonservice.exe [2010-2-28 8704]

============== File Associations ===============

regfile=
scrfile=

=============== Created Last 30 ================

2010-03-26 18:29:23 0 d-----w- e:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy
2010-03-26 18:29:10 0 d-----w- e:\program files\Spybot - Search & Destroy
2010-03-26 12:00:45 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-03-26 12:00:40 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-03-26 12:00:40 0 d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-03-26 01:20:10 27 ----a-w- e:\windows\CVA_Converter.INI
2010-03-25 03:39:52 0 d-----w- e:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-24 23:51:21 0 d-----w- e:\program files\common files\DivX Shared
2010-03-24 23:49:02 0 d-----w- e:\program files\DivX
2010-03-24 23:48:07 0 d-----w- e:\docume~1\alluse~1.win\applic~1\DivX
2010-03-24 15:13:17 32656 ----a-w- e:\windows\system32\msonpmon.dll
2010-03-24 14:54:41 0 d-----w- e:\program files\Microsoft Visual Studio 8
2010-03-23 14:16:28 0 d-----w- e:\program files\Verity
2010-03-22 11:56:30 54156 ---ha-w- e:\windows\QTFont.qfn
2010-03-22 11:56:30 1409 ----a-w- e:\windows\QTFont.for
2010-03-22 01:53:01 0 d-----w- e:\documents and settings\all users.windows\CyberLink
2010-03-22 01:12:37 0 d-----w- e:\docume~1\alluse~1.win\applic~1\SmartSound Software Inc
2010-03-22 01:12:36 0 d-----w- e:\program files\SmartSound Software
2010-03-20 01:48:35 0 ----a-w- e:\windows\PROTOCOL.INI
2010-03-20 01:48:33 57328 ----a-w- e:\windows\system\OLE2CONV.DLL
2010-03-20 01:48:33 536048 ----a-w- e:\windows\system\OC25.DLL
2010-03-20 01:48:33 51712 ----a-w- e:\windows\system\OLE2PROX.DLL
2010-03-20 01:48:33 304640 ----a-w- e:\windows\system\OLE2.DLL
2010-03-20 01:48:33 28113 ----a-w- e:\windows\system\OLE2.REG
2010-03-20 01:48:33 177824 ----a-w- e:\windows\system\TYPELIB.DLL
2010-03-20 01:48:33 164960 ----a-w- e:\windows\system\OLE2DISP.DLL
2010-03-20 01:48:33 157696 ----a-w- e:\windows\system\STORAGE.DLL
2010-03-20 01:48:33 152976 ----a-w- e:\windows\system\OLE2NLS.DLL
2010-03-20 01:48:32 109056 ----a-w- e:\windows\system\COMPOBJ.DLL
2010-03-20 01:48:30 0 d-----w- e:\program files\Asymetrix
2010-03-20 01:48:09 299520 ----a-w- e:\windows\uninst.exe
2010-03-11 22:35:07 3255 ----a-w- e:\windows\system32\wbem\Outlook_01cac16b19a4d618.mof
2010-03-11 14:19:47 3558912 -c----w- e:\windows\system32\dllcache\moviemk.exe
2010-03-08 23:24:58 56832 ------w- e:\windows\system32\mwace.dll
2010-03-08 23:24:58 28672 ------w- e:\windows\system32\mwgfxcopy.exe
2010-03-08 23:24:58 237056 ------w- e:\windows\system32\mwgfx24.dll
2010-03-08 23:24:58 191488 ------w- e:\windows\system32\mwgfx.dll
2010-03-08 23:24:58 104960 ------w- e:\windows\system32\mwdds.dll
2010-03-08 17:59:18 94208 ----a-w- e:\windows\system32\dpl100.dll
2010-03-04 00:07:13 293376 ------w- e:\windows\system32\browserchoice.exe
2010-03-02 18:16:04 353592 ----a-w- e:\windows\system32\DivXControlPanelApplet.cpl
2010-02-28 08:45:23 1409 ----a-w- e:\windows\system32\tmpC31B4.FOT
2010-02-28 08:45:23 1409 ----a-w- e:\windows\system32\tmp3D2B4.FOT
2010-02-28 08:45:22 1409 ----a-w- e:\windows\system32\tmpA5CA4.FOT
2010-02-28 08:45:22 1409 ----a-w- e:\windows\system32\tmp00EA4.FOT
2010-02-28 00:43:27 0 d-----w- e:\program files\Plone
2010-02-25 22:57:52 0 d-----w- e:\docume~1\james~1.jam\applic~1\FastStone
2010-02-25 22:56:23 0 d-----w- e:\program files\FastStone Photo Resizer

==================== Find3M ====================

2010-03-22 21:08:30 729088 ----a-w- e:\windows\iun6002.exe
2010-02-19 19:27:36 720384 ----a-w- e:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- e:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- e:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- e:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- e:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- e:\windows\system32\divx_xx11.dll
2010-02-07 12:03:16 171552 ----a-w- e:\windows\system32\guard32.dll
2010-02-07 12:03:13 134344 ----a-w- e:\windows\system32\drivers\cmdguard.sys
2010-01-29 18:17:01 25160 ----a-w- e:\windows\system32\drivers\cmdhlp.sys
2010-01-09 20:56:54 2560 ----a-w- e:\windows\_MSRSTRT.EXE
1996-12-02 18:44:28 582144 -c--a-w- e:\program files\common files\dao350.dll
2008-05-21 16:56:16 61 --sh--w- e:\windows\cnerolf.dat
2008-04-14 00:11:49 65024 --sha-w- e:\windows\system32\asycfilt.dll
2003-10-01 00:00:00 3584 --sha-w- e:\windows\system32\comcat.dll
2008-04-14 00:12:00 1384479 --sha-w- e:\windows\system32\msvbvm60.dll
2008-04-14 00:12:02 551936 --sha-w- e:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sha-w- e:\windows\system32\olepro32.dll

============= FINISH: 19:21:12.70 ===============


HAMeb Log:

E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\HAMeb_check.exe
26/03/2010 at 22:42:47.73

Full Name Remote Desktop Help Assistant Account
Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in List

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]


~~ EOF ~~


Edited by siriusfire, 26 March 2010 - 05:46 PM.




#2 Elise


Posted 30 March 2010 - 02:59 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise




#3 siriusfire


Posted 31 March 2010 - 04:33 AM

Hi Elise

The problem is unchanged: the re-direction of google results to other search engines (including ASK and others) and also to some infected site pages. This appears to only be on Firefox and at this time Explorer appears unaffected.

While re-directing to a new site it gives a favicon like this in the address bar:

I have Comodo Firewall, Avira AV and Scotty all installed on my system - also Malwarebytes Anti-Malware and Spybot Search and Destroy don't appear to have shifted this one - unless of course I have done something wrong in the order of removal!

Thanks very much in advance

James

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL List:

OTL logfile created on: 31/03/2010 00:23:23 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 283.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 37.28 Gb Total Space | 4.50 Gb Free Space | 12.07% Space Free | Partition Type: NTFS
Drive D: | 1.01 Gb Total Space | 0.31 Gb Free Space | 30.32% Space Free | Partition Type: FAT32
Drive E: | 58.59 Gb Total Space | 1.89 Gb Free Space | 3.22% Space Free | Partition Type: NTFS
Drive F: | 33.66 Gb Total Space | 10.40 Gb Free Space | 30.90% Space Free | Partition Type: NTFS
Drive G: | 97.65 Gb Total Space | 5.73 Gb Free Space | 5.87% Space Free | Partition Type: NTFS
Drive H: | 266.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 3.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JAMES-ICD08K3FV
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/31 00:19:18 | 000,555,520 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\OTL.exe
PRC - [2010/03/25 17:30:37 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- E:\Program Files\a-squared Free\a2service.exe
PRC - [2010/03/23 17:01:55 | 000,910,296 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/29 19:16:30 | 001,800,464 | ---- | M] (COMODO) -- E:\Program Files\Comodo\Firewall\cfp.exe
PRC - [2010/01/29 19:16:17 | 000,723,632 | ---- | M] (COMODO) -- E:\Program Files\Comodo\Firewall\cmdagent.exe
PRC - [2009/11/11 11:57:36 | 001,451,520 | ---- | M] (Nokia) -- E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/10/27 10:15:44 | 000,132,608 | ---- | M] (Nokia) -- E:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- E:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/10/27 10:14:22 | 000,128,000 | ---- | M] (Nokia) -- E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009/08/05 12:06:26 | 000,185,089 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/22 19:45:12 | 000,199,616 | ---- | M] (Vuze Inc.) -- E:\Program Files\Vuze\Azureus.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- E:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008/09/19 04:59:00 | 000,333,120 | ---- | M] (BillP Studios) -- E:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/07/14 05:09:28 | 000,073,464 | ---- | M] (COMODO) -- E:\Program Files\Comodo\CBOClean\BOCore.exe
PRC - [2008/07/14 05:09:26 | 000,351,480 | ---- | M] (COMODO) -- E:\Program Files\Comodo\CBOClean\BOC427.EXE
PRC - [2008/04/14 01:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2008/02/02 02:20:40 | 000,795,936 | ---- | M] (Nuance Communications, Inc.) -- G:\program files\nuance\PdfPro5Hook.exe
PRC - [2007/04/03 23:37:01 | 000,068,856 | ---- | M] (Google Inc.) -- E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/08/11 14:56:02 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- E:\WINDOWS\CTHELPER.EXE
PRC - [2005/03/24 00:26:09 | 000,217,088 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2004/11/15 11:20:20 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- E:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 00:56:58 | 000,073,796 | ---- | M] (Smart Link) -- E:\WINDOWS\system32\slserv.exe
PRC - [2002/09/11 11:04:58 | 000,053,248 | ---- | M] (Creative Technology Ltd) -- E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/04 08:59:26 | 000,135,168 | ---- | M] (Creative Technology Ltd.) -- E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
PRC - [2002/08/13 01:00:00 | 000,040,960 | ---- | M] (Creative Technology Ltd) -- E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe
PRC - [2002/07/26 09:23:28 | 000,040,960 | ---- | M] (Creative Technology Ltd) -- E:\Program Files\Creative\MediaSource\RemoteControl\OSDEAX.exe
PRC - [2002/07/12 08:10:34 | 000,135,168 | ---- | M] (Creative Technology Ltd) -- E:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.exe


========== Modules (SafeList) ==========

MOD - [2010/03/31 00:19:18 | 000,555,520 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\OTL.exe
MOD - [2010/02/07 13:03:16 | 000,171,552 | ---- | M] (COMODO) -- E:\WINDOWS\system32\guard32.dll
MOD - [2008/09/19 04:59:08 | 000,062,776 | ---- | M] (BillP Studios) -- E:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2006/08/11 14:56:02 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- E:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 17:30:37 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- E:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2010/01/29 19:16:17 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- E:\Program Files\Comodo\Firewall\cmdagent.exe -- (cmdAgent)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- E:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/08/05 12:06:26 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/05 12:16:30 | 000,008,704 | ---- | M] () [Disabled | Stopped] -- E:\Program Files\Plone\python\PythonService.exe -- (Zope_-1670881038)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- E:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/11 23:08:40 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/07/14 05:09:28 | 000,073,464 | ---- | M] (COMODO) [Auto | Running] -- E:\Program Files\Comodo\CBOClean\BOCore.exe -- (BOCore)
SRV - [2008/02/02 02:20:34 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- G:\program files\nuance\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2004/08/04 00:56:58 | 000,073,796 | ---- | M] (Smart Link) [Auto | Running] -- E:\WINDOWS\System32\slserv.exe -- (SLService)


========== Driver Services (SafeList) ==========

DRV - [2010/02/07 13:03:13 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- E:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/29 19:17:02 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/01/29 19:17:01 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/12/07 16:06:48 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/07/21 17:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- E:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 20:45:32 | 000,059,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\GcKernel.sys -- (GcKernel)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/04/17 15:14:10 | 000,015,376 | ---- | M] () [Kernel | On_Demand | Running] -- E:\Program Files\Comodo\CBOClean\BOCDRIVE.SYS -- (BOCDRIVE)
DRV - [2006/08/11 14:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfModNT)
DRV - [2006/08/11 14:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 14:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 14:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 14:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 14:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 14:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 14:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 14:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 14:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/05/17 10:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/04/05 20:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/04/05 20:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/11/17 12:05:38 | 002,297,664 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 22:41:46 | 000,095,424 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2004/08/03 22:41:46 | 000,013,240 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2004/08/03 22:41:44 | 000,404,990 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2004/08/03 22:41:40 | 000,180,360 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2004/08/03 22:41:40 | 000,126,686 | ---- | M] (Smart Link) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2004/08/03 22:41:40 | 000,013,776 | ---- | M] (Smart Link) [Kernel | Boot | Running] -- E:\WINDOWS\System32\DRIVERS\RecAgent.sys -- (RecAgent)
DRV - [2004/08/03 22:41:38 | 001,309,184 | ---- | M] (Smart Link) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2002/12/30 10:53:36 | 000,012,160 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2002/09/23 13:53:24 | 000,292,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2001/08/17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 14:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd)
DRV - [2001/08/17 14:02:32 | 000,008,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\hidgame.sys -- (hidgame)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2000/10/20 15:21:56 | 000,178,848 | ---- | M] (Divio Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\pcam.sys -- (DivioUSBDCam)
DRV - [1998/09/25 09:55:24 | 000,052,800 | ---- | M] () [Kernel | Auto | Running] -- E:\WINDOWS\System32\drivers\HPFECP13.SYS -- (HPFECP13)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-152049171-839522115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1844237615-152049171-839522115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1844237615-152049171-839522115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1844237615-152049171-839522115-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
IE - HKU\S-1-5-21-1844237615-152049171-839522115-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1844237615-152049171-839522115-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1844237615-152049171-839522115-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-152049171-839522115-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {331670ee-d8e6-47ae-83ba-c67bba95b1c4}:2.1

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.ssl: ""
FF - user.js..network.proxy.ssl_port: 0
FF - user.js..network.proxy.ftp: ""
FF - user.js..network.proxy.ftp_port: 0
FF - user.js..network.proxy.gopher: ""
FF - user.js..network.proxy.gopher_port: 0
FF - user.js..network.proxy.socks_version: 5
FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: E:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/11/21 12:10:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: E:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2009/12/06 12:02:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/03/23 17:02:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/03/24 16:09:54 | 000,000,000 | ---D | M]

[2009/03/24 12:20:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Application Data\Mozilla\Extensions
[2009/03/24 12:20:09 | 000,000,000 | ---D | M] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/03/30 01:47:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Application Data\Mozilla\Firefox\Profiles\bzcve9bl.default\extensions
[2009/09/06 21:37:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Application Data\Mozilla\Firefox\Profiles\bzcve9bl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/10/09 23:15:35 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Application Data\Mozilla\Firefox\Profiles\bzcve9bl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/20 13:55:16 | 000,000,000 | ---D | M] (DownloadHelper) -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Application Data\Mozilla\Firefox\Profiles\bzcve9bl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/03/30 01:47:17 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2006/11/14 01:56:28 | 000,000,000 | ---D | M] (WhenU) -- E:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}
[2006/11/29 19:06:51 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2008/10/06 21:24:14 | 000,024,683 | ---- | M] (Ask.com) -- E:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

O1 HOSTS File: ([2003/10/01 01:00:00 | 000,000,734 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-1844237615-152049171-839522115-1001\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - e:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-1844237615-152049171-839522115-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - E:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [BOC-427] E:\Program Files\Comodo\CBOClean\BOC427.EXE (COMODO)
O4 - HKLM..\Run: [COMODO Firewall Pro] E:\Program Files\Comodo\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] E:\Program Files\Comodo\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [CTDVDDet] E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] E:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTStartup] E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] E:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [IntelliPoint] E:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] E:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UpdReg] E:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinPatrol] E:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-1844237615-152049171-839522115-1001..\Run: [H/PC Connection Agent] E:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1844237615-152049171-839522115-1001..\Run: [PC Suite Tray] E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\S-1-5-21-1844237615-152049171-839522115-1001..\Run: [RemoteCenter] E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1844237615-152049171-839522115-1001..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: E:\Documents and Settings\James\Start Menu\Programs\Startup\SpywareGuard.lnk = E:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-152049171-839522115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-152049171-839522115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-21-1844237615-152049171-839522115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - E:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - G:\program files\nuance\cnvres_eng.dll ()
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O12 - Plugin for: .spop - E:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://info.cityjet.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: DirectAnimation Java Classes file://E:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://E:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - E:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (E:\WINDOWS\system32\guard32.dll) - E:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: E:\Documents and Settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/08 04:30:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/15 15:13:57 | 000,000,184 | RH-- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{98b3c564-2747-11dd-b5ff-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{98b3c564-2747-11dd-b5ff-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98b3c564-2747-11dd-b5ff-806d6172696f}\Shell\AutoRun\command - "" = H:\SETUP.EXE -- [2003/07/15 06:57:58 | 000,416,824 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{98b3c564-2747-11dd-b5ff-806d6172696f}\Shell\configure\command - "" = H:\SETUP.EXE -- [2003/07/15 06:57:58 | 000,416,824 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{98b3c564-2747-11dd-b5ff-806d6172696f}\Shell\install\command - "" = H:\SETUP.EXE -- [2003/07/15 06:57:58 | 000,416,824 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/30 01:15:09 | 005,520,400 | ---- | C] (Microsoft Corporation) -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\WindowsSearch-KB940157-XP-x86-enu.exe
[2010/03/27 02:09:25 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Application Data\DivX
[2010/03/27 01:27:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\AISchedule
[2010/03/27 01:27:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Application Data\AISchedule
[2010/03/27 01:26:46 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Deployment
[2010/03/26 22:24:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\New Folder
[2010/03/26 20:18:17 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer
[2010/03/26 19:29:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/03/26 19:29:10 | 000,000,000 | ---D | C] -- E:\Program Files\Spybot - Search & Destroy
[2010/03/26 13:00:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/26 13:00:40 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 13:00:40 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2010/03/25 04:39:52 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/03/25 00:51:21 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\DivX Shared
[2010/03/25 00:49:02 | 000,000,000 | ---D | C] -- E:\Program Files\DivX
[2010/03/25 00:48:07 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users.WINDOWS\Application Data\DivX
[2010/03/24 16:13:17 | 000,032,656 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\msonpmon.dll
[2010/03/24 16:09:52 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Works
[2010/03/24 15:54:41 | 000,000,000 | ---D | C] -- E:\Program Files\Microsoft Visual Studio 8
[2010/03/24 15:52:11 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Microsoft Help
[2010/03/24 15:51:37 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
[2010/03/24 15:46:33 | 000,000,000 | RH-D | C] -- E:\MSOCache
[2010/03/24 14:19:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/24 14:19:56 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/23 15:16:28 | 000,000,000 | ---D | C] -- E:\Program Files\Verity
[2010/03/22 12:56:32 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Apple Computer
[2010/03/22 02:53:01 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users.WINDOWS\CyberLink
[2010/03/22 02:24:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
[2010/03/22 02:24:40 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\CyberLink
[2010/03/22 02:24:37 | 000,000,000 | -H-D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\ShadowEditFiles
[2010/03/22 02:24:21 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Application Data\CyberLink
[2010/03/22 02:19:18 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users.WINDOWS\Application Data\Temp
[2010/03/22 02:12:37 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
[2010/03/22 02:12:36 | 000,000,000 | ---D | C] -- E:\Program Files\SmartSound Software
[2010/03/22 02:08:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2010/03/22 01:13:30 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\Power Director 7
[2010/03/20 02:48:33 | 000,536,048 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System\OC25.DLL
[2010/03/20 02:48:33 | 000,304,640 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System\OLE2.DLL
[2010/03/20 02:48:33 | 000,177,824 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System\TYPELIB.DLL
[2010/03/20 02:48:33 | 000,164,960 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System\OLE2DISP.DLL
[2010/03/20 02:48:33 | 000,152,976 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System\OLE2NLS.DLL
[2010/03/20 02:48:33 | 000,057,328 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System\OLE2CONV.DLL
[2010/03/20 02:48:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System\OLE2PROX.DLL
[2010/03/20 02:48:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System\COMPOBJ.DLL
[2010/03/20 02:48:30 | 000,000,000 | ---D | C] -- E:\Program Files\Asymetrix
[2010/03/20 02:48:09 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- E:\WINDOWS\uninst.exe
[2010/03/19 01:42:57 | 000,000,000 | ---D | C] -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\Downloads
[2010/03/11 15:19:47 | 003,558,912 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/09 00:24:58 | 000,237,056 | ---- | C] (MW Publishing) -- E:\WINDOWS\System32\mwgfx24.dll
[2010/03/09 00:24:58 | 000,191,488 | ---- | C] (MW Graphics) -- E:\WINDOWS\System32\mwgfx.dll
[2010/03/09 00:24:58 | 000,104,960 | ---- | C] (MW Graphics) -- E:\WINDOWS\System32\mwdds.dll
[2010/03/09 00:24:58 | 000,056,832 | ---- | C] (MW Graphics) -- E:\WINDOWS\System32\mwace.dll
[2010/03/09 00:24:58 | 000,028,672 | ---- | C] (MW Graphics) -- E:\WINDOWS\System32\mwgfxcopy.exe
[2010/03/08 18:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- E:\WINDOWS\System32\dpl100.dll
[2010/03/04 01:07:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\browserchoice.exe
[2010/03/02 19:16:04 | 000,353,592 | ---- | C] (DivX, Inc.) -- E:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2009/05/17 23:01:39 | 000,018,944 | ---- | C] ( ) -- E:\WINDOWS\System32\implode.dll
[2007/12/05 15:48:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Application Data\Macromedia
[2007/12/05 15:14:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Application Data\Talkback
[2007/12/04 18:30:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2007/12/04 18:30:04 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Application Data\Mozilla
[2007/09/09 10:30:12 | 000,000,000 | --SD | M] -- E:\Documents and Settings\LocalService\Application Data\Microsoft
[2006/08/11 14:56:28 | 000,033,792 | ---- | C] ( ) -- E:\WINDOWS\System32\a3d.dll
[1996/12/02 19:44:28 | 000,582,144 | ---- | C] (Microsoft Corporation) -- E:\Program Files\Common Files\dao350.dll
[9 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[6 E:\WINDOWS\System32\drivers\*.tmp files -> E:\WINDOWS\System32\drivers\*.tmp -> ]
[52 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[15 E:\WINDOWS\System32\dllcache\*.tmp files -> E:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 E:\Documents and Settings\James.JAMES-ICD08K3FV\*.tmp files -> E:\Documents and Settings\James.JAMES-ICD08K3FV\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/30 17:46:41 | 014,417,920 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\ntuser.dat
[2010/03/30 16:16:41 | 000,015,288 | ---- | M] () -- E:\WINDOWS\BOC427.INI
[2010/03/30 01:15:24 | 005,520,400 | ---- | M] (Microsoft Corporation) -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\WindowsSearch-KB940157-XP-x86-enu.exe
[2010/03/29 17:34:18 | 004,958,588 | ---- | M] () -- E:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-10021102}.CDF
[2010/03/29 17:34:18 | 004,958,588 | ---- | M] () -- E:\WINDOWS\{00000005-00000000-00000008-00001102-00000004-10021102}.BAK
[2010/03/28 16:39:59 | 000,000,664 | ---- | M] () -- E:\WINDOWS\System32\d3d9caps.dat
[2010/03/28 16:13:04 | 000,474,736 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010/03/28 16:13:04 | 000,079,522 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010/03/28 16:13:03 | 000,564,650 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 15:59:30 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010/03/28 15:59:25 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010/03/28 15:59:21 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010/03/28 03:02:57 | 000,000,552 | ---- | M] () -- E:\WINDOWS\System32\d3d8caps.dat
[2010/03/27 08:26:43 | 000,054,156 | -H-- | M] () -- E:\WINDOWS\QTFont.qfn
[2010/03/27 02:32:15 | 000,031,056 | ---- | M] () -- E:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000008-00001102-00000004-10021102}.rfx
[2010/03/27 02:32:15 | 000,031,056 | ---- | M] () -- E:\WINDOWS\System32\BMXState-{00000005-00000000-00000008-00001102-00000004-10021102}.rfx
[2010/03/27 02:32:15 | 000,030,528 | ---- | M] () -- E:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000008-00001102-00000004-10021102}.rfx
[2010/03/27 02:32:15 | 000,030,528 | ---- | M] () -- E:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000008-00001102-00000004-10021102}.rfx
[2010/03/27 02:32:15 | 000,011,564 | ---- | M] () -- E:\WINDOWS\System32\DVCState-{00000005-00000000-00000008-00001102-00000004-10021102}.rfx
[2010/03/27 02:32:15 | 000,001,080 | ---- | M] () -- E:\WINDOWS\System32\settingsbkup.sfm
[2010/03/27 02:32:15 | 000,001,080 | ---- | M] () -- E:\WINDOWS\System32\settings.sfm
[2010/03/27 02:28:31 | 000,000,278 | -HS- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\ntuser.ini
[2010/03/27 02:28:23 | 001,043,906 | -H-- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\IconCache.db
[2010/03/26 23:52:06 | 000,000,827 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\Traffic Changer.lnk
[2010/03/26 18:42:56 | 000,078,002 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\PS3.pspimage
[2010/03/26 18:42:44 | 000,063,364 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\PS2.pspimage
[2010/03/26 18:42:30 | 000,043,964 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\PS1.pspimage
[2010/03/26 17:21:09 | 000,051,595 | ---- | M] () -- E:\WINDOWS\Run32A40.mch
[2010/03/26 14:30:32 | 000,000,035 | ---- | M] () -- E:\WINDOWS\A4W.INI
[2010/03/26 02:20:10 | 000,000,027 | ---- | M] () -- E:\WINDOWS\CVA_Converter.INI
[2010/03/25 15:20:50 | 000,077,976 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/25 11:04:55 | 000,340,240 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/25 04:11:35 | 000,000,603 | ---- | M] () -- E:\WINDOWS\win.ini
[2010/03/22 22:08:30 | 000,729,088 | ---- | M] (Indigo Rose Corporation) -- E:\WINDOWS\iun6002.exe
[2010/03/22 19:17:14 | 000,094,539 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\pspbrwse.jbf
[2010/03/22 12:56:30 | 000,001,409 | ---- | M] () -- E:\WINDOWS\QTFont.for
[2010/03/22 11:38:23 | 013,732,709 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\TomRadio2.MP4
[2010/03/22 11:36:56 | 000,003,546 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\MAQ00003.THM
[2010/03/22 11:23:14 | 013,732,709 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\MAQ00002.MP4
[2010/03/22 11:21:48 | 000,003,546 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\MAQ00002.THM
[2010/03/22 04:24:09 | 527,842,132 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\Radio2Tom.avi
[2010/03/22 04:15:58 | 013,744,290 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\MAQ00001.MP4
[2010/03/22 04:14:41 | 000,003,546 | ---- | M] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\MAQ00001.THM
[2010/03/22 03:49:12 | 000,000,136 | ---- | M] () -- E:\WINDOWS\SBWIN.INI
[2010/03/22 03:19:59 | 000,000,056 | ---- | M] () -- E:\WINDOWS\CTWave32.ini
[2010/03/20 16:23:30 | 000,000,116 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2010/03/20 02:48:35 | 000,000,000 | ---- | M] () -- E:\WINDOWS\PROTOCOL.INI
[2010/03/17 01:30:05 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- E:\WINDOWS\ALCFDRTM.VER
[2010/03/08 18:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- E:\WINDOWS\System32\dpl100.dll
[2010/03/02 19:16:04 | 000,353,592 | ---- | M] (DivX, Inc.) -- E:\WINDOWS\System32\DivXControlPanelApplet.cpl
[9 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[6 E:\WINDOWS\System32\drivers\*.tmp files -> E:\WINDOWS\System32\drivers\*.tmp -> ]
[52 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[15 E:\WINDOWS\System32\dllcache\*.tmp files -> E:\WINDOWS\System32\dllcache\*.tmp -> ]
[1 E:\Documents and Settings\James.JAMES-ICD08K3FV\*.tmp files -> E:\Documents and Settings\James.JAMES-ICD08K3FV\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/28 03:02:57 | 000,000,552 | ---- | C] () -- E:\WINDOWS\System32\d3d8caps.dat
[2010/03/26 23:52:06 | 000,000,827 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\Traffic Changer.lnk
[2010/03/26 18:42:56 | 000,078,002 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\PS3.pspimage
[2010/03/26 18:42:43 | 000,063,364 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\PS2.pspimage
[2010/03/26 18:42:29 | 000,043,964 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\PS1.pspimage
[2010/03/26 02:20:10 | 000,000,027 | ---- | C] () -- E:\WINDOWS\CVA_Converter.INI
[2010/03/22 19:17:14 | 000,094,539 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\pspbrwse.jbf
[2010/03/22 12:56:30 | 000,054,156 | -H-- | C] () -- E:\WINDOWS\QTFont.qfn
[2010/03/22 12:56:30 | 000,001,409 | ---- | C] () -- E:\WINDOWS\QTFont.for
[2010/03/22 11:36:56 | 013,732,709 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\TomRadio2.MP4
[2010/03/22 11:36:56 | 000,003,546 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\MAQ00003.THM
[2010/03/22 11:21:48 | 000,003,546 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\MAQ00002.THM
[2010/03/22 11:21:37 | 013,732,709 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\MAQ00002.MP4
[2010/03/22 04:22:16 | 527,842,132 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\Radio2Tom.avi
[2010/03/22 04:14:41 | 000,003,546 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\MAQ00001.THM
[2010/03/22 04:14:35 | 013,744,290 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\MAQ00001.MP4
[2010/03/20 02:48:35 | 000,000,000 | ---- | C] () -- E:\WINDOWS\PROTOCOL.INI
[2010/03/20 02:48:33 | 000,157,696 | ---- | C] () -- E:\WINDOWS\System\STORAGE.DLL
[2010/03/20 02:48:33 | 000,028,113 | ---- | C] () -- E:\WINDOWS\System\OLE2.REG
[2010/02/22 21:03:36 | 000,000,600 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\PUTTY.RND
[2010/01/09 23:12:40 | 000,053,248 | ---- | C] () -- E:\WINDOWS\System32\xmlparse.dll
[2010/01/09 23:12:36 | 000,081,920 | ---- | C] () -- E:\WINDOWS\System32\xmltok.dll
[2009/08/19 20:19:29 | 000,000,552 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\d3d8caps.dat
[2009/08/06 12:45:43 | 000,292,304 | ---- | C] () -- E:\WINDOWS\System32\drivers\ctdvda2k.sys
[2009/08/05 18:52:40 | 000,000,056 | ---- | C] () -- E:\WINDOWS\CTWave32.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- E:\WINDOWS\System32\OGACheckControl.dll
[2009/06/19 09:01:04 | 000,010,240 | ---- | C] () -- E:\WINDOWS\System32\vidx16.dll
[2009/06/19 09:00:34 | 000,000,938 | ---- | C] () -- E:\WINDOWS\disney.ini
[2009/05/21 14:41:22 | 000,013,040 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Application Data\Microsoft Excel.CAL
[2009/05/17 23:01:39 | 000,044,544 | ---- | C] () -- E:\WINDOWS\System32\Gif89.dll
[2009/03/23 23:46:37 | 000,002,528 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Application Data\$_hpcst$.hpc
[2009/03/17 15:27:30 | 000,025,399 | ---- | C] () -- E:\WINDOWS\CSTBox.INI
[2009/02/14 18:43:51 | 000,000,029 | ---- | C] () -- E:\WINDOWS\DEBUGSM.INI
[2009/01/30 15:02:33 | 000,000,077 | ---- | C] () -- E:\WINDOWS\ZC DVD Creator Platinum.INI
[2009/01/30 13:32:08 | 000,000,108 | ---- | C] () -- E:\WINDOWS\Mp3Decode.INI
[2009/01/26 11:41:39 | 002,076,672 | ---- | C] () -- E:\WINDOWS\System32\dz3delight.dll
[2009/01/26 11:41:37 | 006,131,712 | ---- | C] () -- E:\WINDOWS\System32\daz-qt-mt.dll
[2009/01/26 11:41:36 | 001,785,856 | ---- | C] () -- E:\WINDOWS\System32\daz-qsa.dll
[2008/11/18 13:29:39 | 000,006,144 | ---- | C] () -- E:\WINDOWS\System32\ClassXps.dll
[2008/11/18 13:29:38 | 000,210,200 | ---- | C] () -- E:\WINDOWS\System32\TWNPRO3.DLL
[2008/10/06 21:18:14 | 000,015,288 | ---- | C] () -- E:\WINDOWS\BOC427.INI
[2008/08/14 23:23:56 | 000,164,352 | ---- | C] () -- E:\WINDOWS\System32\unrar.dll
[2008/08/14 23:23:54 | 003,596,288 | ---- | C] () -- E:\WINDOWS\System32\qt-dx331.dll
[2008/08/14 23:23:53 | 000,007,680 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2008/08/14 23:23:53 | 000,000,547 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/10 00:08:24 | 000,000,097 | ---- | C] () -- E:\WINDOWS\System32\PICSDK.ini
[2008/08/09 23:04:07 | 000,000,025 | ---- | C] () -- E:\WINDOWS\CDE DX8400DEFGIPS.ini
[2008/06/30 23:11:49 | 000,000,151 | ---- | C] () -- E:\WINDOWS\cardwin.INI
[2008/06/29 07:41:46 | 001,624,235 | -HS- | C] () -- E:\WINDOWS\System32\wkwlictj.ini
[2008/06/28 01:36:13 | 000,230,739 | -HS- | C] () -- E:\WINDOWS\System32\RrXaIRqr.ini
[2008/06/27 23:20:36 | 000,000,099 | ---- | C] () -- E:\WINDOWS\HPFCSS13.INI
[2008/06/24 11:43:12 | 000,000,000 | ---- | C] () -- E:\WINDOWS\sysadmin.INI
[2008/06/24 11:23:37 | 000,045,056 | ---- | C] () -- E:\WINDOWS\System32\SS60PP.dll
[2008/06/01 04:22:06 | 000,086,446 | ---- | C] () -- E:\WINDOWS\System32\instwdm.ini
[2008/06/01 04:22:05 | 000,003,072 | ---- | C] () -- E:\WINDOWS\CTXFIRES.DLL
[2008/05/31 19:07:07 | 000,000,116 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2008/05/30 21:12:49 | 000,000,038 | ---- | C] () -- E:\WINDOWS\AviSplitter.INI
[2008/05/24 15:47:52 | 000,000,035 | ---- | C] () -- E:\WINDOWS\A4W.INI
[2008/05/23 01:40:05 | 000,000,197 | ---- | C] () -- E:\WINDOWS\hpfsched.ini
[2008/05/23 01:39:58 | 000,000,245 | ---- | C] () -- E:\WINDOWS\HPFTBX13.INI
[2008/05/23 01:39:40 | 001,080,320 | ---- | C] () -- E:\WINDOWS\System32\HPFtrl13.dll
[2008/05/23 01:39:40 | 000,395,264 | ---- | C] () -- E:\WINDOWS\System32\HPFui13.dll
[2008/05/23 01:39:37 | 000,271,360 | ---- | C] () -- E:\WINDOWS\System32\HPFsrl13.dll
[2008/05/23 01:39:37 | 000,181,248 | ---- | C] () -- E:\WINDOWS\System32\HPFscp13.dll
[2008/05/23 01:39:37 | 000,029,184 | ---- | C] () -- E:\WINDOWS\System32\HPFrsu13.dll
[2008/05/23 01:39:36 | 000,297,472 | ---- | C] () -- E:\WINDOWS\System32\HPFmrl13.dll
[2008/05/23 01:39:36 | 000,117,760 | ---- | C] () -- E:\WINDOWS\System32\HPFrsa13.dll
[2008/05/23 01:39:36 | 000,057,240 | ---- | C] () -- E:\WINDOWS\System32\HPFmem13.dll
[2008/05/23 01:39:36 | 000,037,376 | ---- | C] () -- E:\WINDOWS\System32\HPFmon13.dll
[2008/05/23 01:39:34 | 001,777,664 | ---- | C] () -- E:\WINDOWS\System32\HPFimg13.dll
[2008/05/23 01:39:34 | 000,033,280 | ---- | C] () -- E:\WINDOWS\System32\HPFcbl13.dll
[2008/05/23 01:39:30 | 000,187,904 | ---- | C] () -- E:\WINDOWS\System32\HPFwin13.dll
[2008/05/23 01:39:29 | 000,152,064 | ---- | C] () -- E:\WINDOWS\System32\HPFdat13.dll
[2008/05/23 01:39:29 | 000,137,232 | ---- | C] () -- E:\WINDOWS\System32\HPFmlc13.dll
[2008/05/23 01:39:29 | 000,069,284 | ---- | C] () -- E:\WINDOWS\System32\HPFpml13.dll
[2008/05/23 01:39:29 | 000,052,800 | ---- | C] () -- E:\WINDOWS\System32\drivers\HPFecp13.sys
[2008/05/23 01:39:29 | 000,048,292 | ---- | C] () -- E:\WINDOWS\System32\HPFlpm13.dll
[2008/05/23 01:39:29 | 000,044,544 | ---- | C] () -- E:\WINDOWS\System32\HPFtst13.dll
[2008/05/23 01:39:29 | 000,033,384 | ---- | C] () -- E:\WINDOWS\System32\HPFiop13.dll
[2008/05/23 01:39:29 | 000,007,680 | ---- | C] () -- E:\WINDOWS\System32\HPFhrl13.dll
[2008/05/23 01:39:29 | 000,004,404 | ---- | C] () -- E:\WINDOWS\System32\HPFlnk13.ini
[2008/05/23 01:39:28 | 000,194,048 | ---- | C] () -- E:\WINDOWS\System32\HPFcps13.dll
[2008/05/23 01:39:28 | 000,124,928 | ---- | C] () -- E:\WINDOWS\System32\HPFcnt13.dll
[2008/05/23 01:39:28 | 000,076,800 | ---- | C] () -- E:\WINDOWS\System32\HPF24r13.dll
[2008/05/23 01:39:28 | 000,072,368 | ---- | C] () -- E:\WINDOWS\System32\HPFcom13.dll
[2008/05/23 01:33:47 | 000,405,504 | ---- | C] () -- E:\WINDOWS\System32\SLLights.dll
[2008/05/23 01:33:47 | 000,139,264 | ---- | C] () -- E:\WINDOWS\System32\amr_cpl.dll
[2008/05/23 00:54:37 | 000,363,520 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2008/05/21 17:29:04 | 000,000,160 | ---- | C] () -- E:\WINDOWS\MyDrivers.ini
[2008/05/21 17:22:00 | 000,000,636 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2008/05/21 16:29:12 | 000,156,672 | R--- | C] () -- E:\WINDOWS\System32\RTLCPAPI.dll
[2008/05/21 16:17:37 | 000,000,525 | ---- | C] () -- E:\WINDOWS\MAXLINK.INI
[2008/05/21 16:03:54 | 000,000,266 | R--- | C] () -- E:\WINDOWS\System32\raidmgmt.ini
[2008/05/21 16:03:45 | 000,005,810 | R--- | C] () -- E:\WINDOWS\System32\drivers\ASACPI.sys
[2008/05/21 16:03:43 | 000,005,694 | ---- | C] () -- E:\WINDOWS\Ascd_tmp.ini
[2008/05/21 16:03:41 | 000,005,824 | ---- | C] () -- E:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/05/21 15:53:32 | 000,000,231 | ---- | C] () -- E:\WINDOWS\AC3API.INI
[2008/05/21 15:53:02 | 000,000,191 | ---- | C] () -- E:\WINDOWS\System32\ctzapxx.ini
[2008/05/21 15:51:30 | 000,000,136 | ---- | C] () -- E:\WINDOWS\SBWIN.INI
[2008/05/21 14:43:03 | 000,212,992 | ---- | C] () -- E:\Documents and Settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/21 00:14:59 | 000,015,872 | ---- | C] () -- E:\WINDOWS\System32\cdmodem.dll
[2007/12/24 11:40:26 | 000,404,992 | ---- | C] () -- E:\WINDOWS\System32\libmplayer.dll
[2007/12/22 19:27:22 | 003,104,256 | ---- | C] () -- E:\WINDOWS\System32\libavcodec.dll
[2006/08/11 14:57:18 | 000,037,888 | ---- | C] () -- E:\WINDOWS\System32\CTBURST.DLL
[2006/05/23 12:40:34 | 000,000,269 | ---- | C] () -- E:\WINDOWS\System32\KILL.INI
[2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- E:\WINDOWS\System32\CTMMACTL.DLL
[2003/12/22 14:40:06 | 001,663,068 | ---- | C] () -- E:\WINDOWS\System32\libmmd.dll
[2003/10/01 01:00:00 | 000,435,712 | ---- | C] () -- E:\WINDOWS\System32\shellstyle.dll
[2003/10/01 01:00:00 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\rnr20.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- E:\WINDOWS\System32\OUTLPERF.INI
[2003/01/03 13:49:36 | 000,000,214 | ---- | C] () -- E:\WINDOWS\mp3encocx.ini
[2002/09/06 11:36:16 | 000,233,472 | ---- | C] () -- E:\WINDOWS\System32\lame_enc.dll
[2002/05/05 10:41:28 | 000,049,152 | ---- | C] () -- E:\WINDOWS\System32\coinst.dll
[1999/09/08 14:32:36 | 000,032,768 | ---- | C] () -- E:\WINDOWS\div_iyuv.dll
[1999/09/08 13:04:50 | 000,036,864 | ---- | C] () -- E:\WINDOWS\jpgl.dll
[1998/06/20 01:00:00 | 000,000,000 | ---- | C] () -- E:\WINDOWS\System32\MDT2FW95.DLL
[1998/06/10 01:00:00 | 000,015,120 | ---- | C] () -- E:\WINDOWS\System32\REPUTIL.DLL
< End of report >

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras

OTL Extras logfile created on: 31/03/2010 00:23:23 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 283.00 Mb Available Physical Memory | 28.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 37.28 Gb Total Space | 4.50 Gb Free Space | 12.07% Space Free | Partition Type: NTFS
Drive D: | 1.01 Gb Total Space | 0.31 Gb Free Space | 30.32% Space Free | Partition Type: FAT32
Drive E: | 58.59 Gb Total Space | 1.89 Gb Free Space | 3.22% Space Free | Partition Type: NTFS
Drive F: | 33.66 Gb Total Space | 10.40 Gb Free Space | 30.90% Space Free | Partition Type: NTFS
Drive G: | 97.65 Gb Total Space | 5.73 Gb Free Space | 5.87% Space Free | Partition Type: NTFS
Drive H: | 266.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 3.17 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JAMES-ICD08K3FV
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- G:\program files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
.reg [@ = regfile] --
.scr [@ = scrfile] --

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 File not found
http [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "E:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
jsfile [open] -- "G:\program files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [open] --
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] --
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe" = E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe" = E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe" = E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\program files\games\FS2004\fs9.exe" = G:\program files\games\FS2004\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"E:\WINDOWS\system32\dpnsvr.exe" = E:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"E:\Program Files\Azureus\Azureus.exe" = E:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"E:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = E:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"E:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = E:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"E:\Program Files\BearShare Test\BearShare.exe" = E:\Program Files\BearShare Test\BearShare.exe:*:Enabled:BearShare -- (Free Peers, Inc.)
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe" = E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"E:\Program Files\Valve\Steam\SteamApps\r60ket\counter-strike source\hl2.exe" = E:\Program Files\Valve\Steam\SteamApps\r60ket\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\Azureus Downloads\QuickSnooker V6.2 Portable.exe" = E:\Documents and Settings\James.JAMES-ICD08K3FV\My Documents\Azureus Downloads\QuickSnooker V6.2 Portable.exe:*:Enabled:QuickSnooker -- (QuickGames)
"E:\Program Files\SmartFTP Client\SmartFTP.exe" = E:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0 -- (SmartSoft Ltd.)
"E:\Program Files\Microsoft ActiveSync\rapimgr.exe" = E:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\wcescomm.exe" = E:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"E:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = E:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"E:\Program Files\Mozilla Firefox\firefox.exe" = E:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"E:\Program Files\Vuze\Azureus.exe" = E:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"E:\Program Files\Java\jre6\bin\java.exe" = E:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"F:\Program Files\Poser\Poser.exe" = F:\Program Files\Poser\Poser.exe:*:Enabled:Poser executable file -- (e frontier America, Inc)
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"E:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = E:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{16DF352C-70D0-4AE3-BAF8-328C25E62A33}" = Matrix Flight Planner
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F76FF6D-B992-4FD9-8686-F09F868B2C58}" = FSNavigator
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{373CDA0D-A5B1-4BCB-8E74-C6337DC4A259}" = Microsoft .NET Framework 2.0 Language Pack - ITA
"{37D19D22-032C-469E-822B-9F8BD743106E}" = Tiger Woods PGA Tour Golf
"{38B9A4E1-4482-44D9-AC14-64F70938CCB5}" = Garmin MapSource
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4BED786D-2B70-4F4F-B901-68DC5DE223DB}" = MapSource - European MetroGuide v4.00
"{4CCBA3A8-A938-4300-9E40-3018EA1FCBEE}" = pocket Theme Manager 2
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{564B16F4-6B5B-47B0-9AB6-FF2E943947F7}" = Nokia Ovi Suite Software Updater
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6249C22D-E6A8-407B-BA8B-40298848ED94}" = OmniPage SE
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{702563CE-516C-40CF-B69C-A4E2A8FC8F14}" = OviMPlatform
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = LiveUpdate BVRP Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{7CD3FD76-CE64-4F12-9571-9332CA4A565F}" = RocketControl 2.5
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90260409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96182386-BC5D-4895-A36E-3C83A4886A9F}" = h2200 SDIO
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF595D08-64AC-428B-8FB8-EEC70CCB8803}" = Ovi Desktop Sync Engine
"{B07F0D17-FE19-4BE6-9F83-27E52CF381D5}" = Utherverse 3D Client
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DEC88A7F-DDA7-438A-B946-DA00382B7545}" = MyCompany USB Camera
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{EBFF3839-5A5B-400A-B8A2-4A627C4B29B4}" = Nuance PDF Professional 5
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F7B9B60F-DBB3-4116-967B-BA93E278331E}" = ActivePerl 5.10.1 Build 1007
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}" = Nokia Software Updater
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"50N Boeing 737 Family Base Pack 1.1.0 " = 50N Boeing 737 Family Base Pack 1.1.0
"69083DC58646DE46A09847A522A1CC487F918039" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"737-300 Pilot in Command" = 737-300 Pilot in Command
"8461-7759-5462-8226" = Vuze
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Ace Monkey English KS1 - The Fun House" = Ace Monkey English KS1 - The Fun House
"Ace Monkey English KS1 - Word Types and Phonetics" = Ace Monkey English KS1 - Word Types and Phonetics
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems" = Agere CE Setup
"All ATI Software" = ATI - Software Uninstall Utility
"AskSBar Uninstall" = Ask Toolbar
"a-squared Free_is1" = a-squared Free 3.5
"ATI Display Driver" = ATI Display Driver
"Audio Stream Recorder2" = Audio Stream Recorder 2
"AudioConSole" = Creative Audio Console
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AZImage_is1" = AZImage 2.4.4.1
"Babar's Royal Coin Caper" = Babar's Royal Coin Caper 1.0
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BearShare Test" = BearShare Test
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"Canon CanoScan Toolbox 4.0" = Canon CanoScan Toolbox 4.0
"CASTool 3.3" = CASTool 3.3
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CBOClean" = BOClean
"CMOS 330K Rev. 2.19F" = CMOS 330K Rev. 2.19F
"COMODO Firewall Pro" = COMODO Firewall Pro
"Cubasis VST 4" = Steinberg Cubasis VST 4
"DAZ Studio 2.3" = DAZ Studio
"DeepNight Theme Viewer (Desktop Edition)_is1" = dnThemeViewer v1.0
"DivX Setup.divx.com" = DivX Setup
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"Ease MP3 WAV Converter_is1" = Ease MP3 WAV Converter 1.20
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FastStone Photo Resizer" = FastStone Photo Resizer 2.9
"Fax Machine_is1" = Fax Machine 4.31
"Hand Held GPS" = Hand Held PFPS AWE
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 5" = Pinnacle Hollywood FX 5
"HP DeskJet 710C Series" = HP DeskJet 710C Series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IFSD Irish Scenery1.11 Full" = IFSD Irish Scenery
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Integrated SimAvionics for FS9/FSX - N537JB" = Integrated SimAvionics for FS9/FSX - N537JB
"KeyView for Lotus" = KeyView for Lotus 97
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.4 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maxthon2" = Maxthon2 Browser (remove only)
"Microsoft .NET Framework 2.0 Language Pack - ITA" = Microsoft .NET Framework 2.0 - Language Pack (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Muon Tau / mDrive" =
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.8
"Nokia PC Suite" = Nokia PC Suite
"NSS" = NSS (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Perl_Express_2.5" = Perl Express 2.5
"PFPS" = PFPS 3.3.1
"Plone_is1" = Plone (version 3.3.4) (build 32897)
"Poser 7" = Poser 7
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"Roster Folder_is1" = the folder for your rosters
"SLAMRNTV" = Smart Link 56K Voice Modem
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"TaskView 3.3.1" = TaskView 3.3.1
"The Tailor_is1" = The Tailor 1.61
"TimeLine" = TimeLine Tool v1.0
"ToolBook II 6.1 Runtime Files" = ToolBook II 6.1 Runtime Files
"Toy Story 2" = Toy Story 2
"Traffic Changer" = Traffic Changer
"UseNeXT_is1" = UseNeXT
"Utherverse 3D Client" = Utherverse 3D Client
"Victoria 4.2 Base DAZ Studio Content ps_pe069_Victoria4DS" = Victoria 4.2 Base DAZ Studio Content
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"VLC media player" = VLC media player 1.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2008
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XLCalendar_is1" = XLCalendar 1.5
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZC DVD Creator Platinum_is1" = ZC DVD Creator Platinum 6.2.6
"Zzaph" = Zzaph 0.63

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1844237615-152049171-839522115-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"142eaf6528a19db1" = AISchedule
"737 Pilot in Command" = 737 Pilot in Command
"FileZilla Client" = FileZilla Client 3.3.2
"Firebat" = weblin 2.8.5
"Java ChartViewer 2.8.3" = Java ChartViewer 2.8.3
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/03/2010 22:01:52 | Computer Name = JAMES-ICD08K3FV | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update '{667A88D1-0369-4070-A62A-70672D68A9BF}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 27/03/2010 22:02:42 | Computer Name = JAMES-ICD08K3FV | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office XP Web Components - Update '{D57D126D-B706-4ACB-A096-A12ED7A26AA5}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 28/03/2010 22:04:40 | Computer Name = JAMES-ICD08K3FV | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update '{667A88D1-0369-4070-A62A-70672D68A9BF}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 28/03/2010 22:06:15 | Computer Name = JAMES-ICD08K3FV | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office XP Web Components - Update '{D57D126D-B706-4ACB-A096-A12ED7A26AA5}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 29/03/2010 15:52:30 | Computer Name = JAMES-ICD08K3FV | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3727, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29/03/2010 16:07:05 | Computer Name = JAMES-ICD08K3FV | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3727, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29/03/2010 22:05:17 | Computer Name = JAMES-ICD08K3FV | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office Enterprise 2007 - Update '{667A88D1-0369-4070-A62A-70672D68A9BF}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 29/03/2010 22:07:11 | Computer Name = JAMES-ICD08K3FV | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft Office XP Web Components - Update '{D57D126D-B706-4ACB-A096-A12ED7A26AA5}'
could not be installed. Error code 1635. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error - 30/03/2010 19:23:03 | Computer Name = JAMES-ICD08K3FV | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.37.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30/03/2010 19:23:24 | Computer Name = JAMES-ICD08K3FV | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.1.37.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 26/03/2010 21:33:56 | Computer Name = JAMES-ICD08K3FV | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 26/03/2010 23:02:19 | Computer Name = JAMES-ICD08K3FV | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for the 2007 Microsoft Office System (KB978380).

Error - 26/03/2010 23:04:11 | Computer Name = JAMES-ICD08K3FV | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office Web Components (KB947319).

Error - 27/03/2010 08:57:17 | Computer Name = JAMES-ICD08K3FV | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 27/03/2010 22:01:57 | Computer Name = JAMES-ICD08K3FV | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for the 2007 Microsoft Office System (KB978380).

Error - 27/03/2010 22:04:15 | Computer Name = JAMES-ICD08K3FV | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office Web Components (KB947319).

Error - 28/03/2010 22:05:26 | Computer Name = JAMES-ICD08K3FV | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for the 2007 Microsoft Office System (KB978380).

Error - 28/03/2010 22:06:58 | Computer Name = JAMES-ICD08K3FV | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office Web Components (KB947319).

Error - 29/03/2010 22:05:59 | Computer Name = JAMES-ICD08K3FV | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for the 2007 Microsoft Office System (KB978380).

Error - 29/03/2010 22:08:08 | Computer Name = JAMES-ICD08K3FV | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070663: Security Update for Microsoft Office Web Components (KB947319).


< End of report >

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



GMER Log to follow!

#4 siriusfire

Posted 31 March 2010 - 04:42 AM

GMER Log Attached as two files (too big for single file or to paste as message)

Part 1


#5 siriusfire

Posted 31 March 2010 - 04:45 AM

GMER Part 2 Pasted in following chunks (Can't Attach!!)

Many thanks Elise

James

.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Avira\AntiVir Desktop\avguard.exe[1908] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[1936] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Comodo\CBOClean\BOCORE.exe[1964] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\System32\CTsvcCDA.exe[2028] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\wscntfy.exe[2332] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe[2572] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] shell32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] shell32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] shell32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Documents and Settings\James.JAMES-ICD08K3FV\Desktop\gmer\gmer.exe[2972] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[2992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C9000A
.text E:\WINDOWS\Explorer.EXE[2992] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CF000A
.text E:\WINDOWS\Explorer.EXE[2992] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C8000C
.text E:\WINDOWS\Explorer.EXE[2992] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[2992] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[2992] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[2992] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[2992] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[2992] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[2992] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[2992] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[2992] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[2992] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\Explorer.EXE[2992] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\CTHELPER.EXE[3204] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\CTHELPER.EXE[3204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\CTHELPER.EXE[3204] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\CTHELPER.EXE[3204] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\CTHELPER.EXE[3204] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\CTHELPER.EXE[3204] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\CTHELPER.EXE[3204] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\CTHELPER.EXE[3204] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\CTHELPER.EXE[3204] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

#6 siriusfire

Posted 31 March 2010 - 04:46 AM

Remainder of Part 2 (Sorry!!!)

.text E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE[3520] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE[3520] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE[3520] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE[3520] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE[3520] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE[3520] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE[3520] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE[3520] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE[3520] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE[3520] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe[3552] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\WINDOWS\system32\ctfmon.exe[3564] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3584] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Microsoft ActiveSync\wcescomm.exe[3724] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003D1950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003D82B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003D18D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003D1890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003D19B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003D1910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003D1A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003D1970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003D18F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003D1930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003D19D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003D1990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003D18B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003D1A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003D4550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 003D81E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 003D19F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003D1B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 003D1D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 003D1AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 003D1AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 003D1D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003D1A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003D1A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 003D1A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 003D1D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 003D1CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 003D1D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003D1B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 003D1C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 003D1C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 003D1B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [BB, 83]
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 003D1BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 003D1B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 003D1B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 003D1CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 003D1CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 003D1C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 003D1BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 003D1C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 003D1C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 003D1BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003D1D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 003D1AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003D7E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003D7BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 003D7D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 003D1480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 003D1640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 003D1000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 003D1250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 003D1E90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 003D1E70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 003D1E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 003D1DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 003D1DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 003D1DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 003D1E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3744] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 003D1E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text E:\PROGRA~1\MICROS~3\rapimgr.exe[3800] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 E:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F71EC6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F71EC7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F71EC780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F71EC740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F71EC740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F71EC7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F71EC6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F71EC780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F71EC780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F71EC740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F71EC7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F71EC6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F71EC740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F71EC780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F71EC6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F71EC7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F71EC6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F71EC7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F71EC740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F71EC780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F71EC740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F71EC7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F71EC6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F71EC6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F71EC7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F71EC780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F71EC740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F71EC740] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F71EC780] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F71EC6E0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F71EC7B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ E:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----


#7 Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,066 posts
  • Gender:Female
  • Location:Romania

Posted 31 March 2010 - 05:55 AM

Hello siriusfire,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#8 siriusfire

  • Topic Starter
  • Members
  • 13 posts

Posted 31 March 2010 - 08:45 AM

Windows Recovery Console installed as suggested.
When ComboFix was installing and running, it stated that it couldn't find the file HIDEC.exe.

Windows search found a Hidec.exe.pf pre-fetch file.

Attached ComboFix Log:

ComboFix 10-03-29.04 - James 31/03/2010 13:46:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.257 [GMT 1:00]
Running from: e:\documents and settings\James.JAMES-ICD08K3FV\Desktop\gmer\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\program files\Internet Explorer\SET668.tmp
e:\program files\Internet Explorer\SET750.tmp
e:\recycler\S-1-5-21-2000478354-1682526488-725345543-1001
e:\windows\eSellerateEngine.dll
e:\windows\system32\MDT2FW95.DLL
e:\windows\system32\RrXaIRqr.ini
e:\windows\system32\Thumbs.db
e:\windows\system32\wkwlictj.ini
e:\windows\system32\zip32.dll
G:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-29 15:52 . 2010-03-29 15:52 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Application Data\WinPatrol
2010-03-28 02:02 . 2010-03-28 02:02 552 ----a-w- e:\windows\system32\d3d8caps.dat
2010-03-28 02:02 . 2010-03-28 02:02 -------- d-----w- e:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Adobe
2010-03-27 01:09 . 2010-03-27 01:09 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\DivX
2010-03-27 00:27 . 2010-03-27 00:41 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\AISchedule
2010-03-27 00:26 . 2010-03-27 00:40 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Deployment
2010-03-26 18:29 . 2010-03-26 18:39 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-03-26 18:29 . 2010-03-26 18:34 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-03-26 12:00 . 2010-01-07 16:07 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-03-26 12:00 . 2010-03-26 12:00 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-03-26 12:00 . 2010-01-07 16:07 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-03-25 03:39 . 2010-03-25 03:39 -------- d-----w- e:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-25 03:11 . 2010-03-25 03:11 -------- d-----w- e:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft Help
2010-03-24 23:51 . 2010-03-24 23:51 -------- d-----w- e:\program files\Common Files\DivX Shared
2010-03-24 23:49 . 2010-03-24 23:52 -------- d-----w- e:\program files\DivX
2010-03-24 23:48 . 2010-03-24 23:57 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\DivX
2010-03-24 15:13 . 2006-10-26 19:56 33104 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-24 15:13 . 2008-11-10 11:41 32656 ----a-w- e:\windows\system32\msonpmon.dll
2010-03-24 15:09 . 2010-03-25 03:18 -------- d-----w- e:\program files\Microsoft Works
2010-03-24 14:54 . 2010-03-24 15:22 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-03-24 14:52 . 2010-03-24 14:52 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Microsoft Help
2010-03-24 14:51 . 2010-03-30 00:11 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-03-24 14:46 . 2010-03-24 14:46 -------- d-----r- E:\MSOCache
2010-03-23 14:16 . 2010-03-23 14:16 -------- d-----w- e:\program files\Verity
2010-03-22 11:56 . 2010-03-22 11:56 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Apple Computer
2010-03-22 01:53 . 2010-03-22 02:10 -------- d-----w- e:\documents and settings\All Users.WINDOWS\CyberLink
2010-03-22 01:24 . 2010-03-22 01:24 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\CyberLink
2010-03-22 01:24 . 2010-03-22 01:24 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\CyberLink
2010-03-22 01:19 . 2010-03-22 01:19 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Temp
2010-03-22 01:12 . 2010-03-22 01:14 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2010-03-22 01:12 . 2010-03-22 01:12 -------- d-----w- e:\program files\SmartSound Software
2010-03-22 01:08 . 2010-03-22 01:08 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-03-20 01:48 . 1995-08-15 01:00 57328 ----a-w- e:\windows\system\OLE2CONV.DLL
2010-03-20 01:48 . 1995-08-15 01:00 51712 ----a-w- e:\windows\system\OLE2PROX.DLL
2010-03-20 01:48 . 1995-08-15 01:00 304640 ----a-w- e:\windows\system\OLE2.DLL
2010-03-20 01:48 . 1995-08-15 01:00 28113 ----a-w- e:\windows\system\OLE2.REG
2010-03-20 01:48 . 1995-08-15 01:00 177824 ----a-w- e:\windows\system\TYPELIB.DLL
2010-03-20 01:48 . 1995-08-15 01:00 164960 ----a-w- e:\windows\system\OLE2DISP.DLL
2010-03-20 01:48 . 1995-08-15 01:00 157696 ----a-w- e:\windows\system\STORAGE.DLL
2010-03-20 01:48 . 1995-08-15 01:00 152976 ----a-w- e:\windows\system\OLE2NLS.DLL
2010-03-20 01:48 . 1995-08-09 01:00 536048 ----a-w- e:\windows\system\OC25.DLL
2010-03-20 01:48 . 1995-08-15 01:00 109056 ----a-w- e:\windows\system\COMPOBJ.DLL
2010-03-20 01:48 . 2010-03-20 01:48 -------- d-----w- e:\program files\Asymetrix
2010-03-20 01:48 . 1997-04-08 20:08 299520 ----a-w- e:\windows\uninst.exe
2010-03-11 14:19 . 2009-10-23 15:28 3558912 -c----w- e:\windows\system32\dllcache\moviemk.exe
2010-03-08 23:24 . 2009-03-10 23:25 191488 ------w- e:\windows\system32\mwgfx.dll
2010-03-08 23:24 . 2008-10-20 13:44 237056 ------w- e:\windows\system32\mwgfx24.dll
2010-03-08 23:24 . 2008-09-05 08:32 104960 ------w- e:\windows\system32\mwdds.dll
2010-03-08 23:24 . 2007-08-19 09:37 28672 ------w- e:\windows\system32\mwgfxcopy.exe
2010-03-08 23:24 . 2004-05-14 11:13 56832 ------w- e:\windows\system32\mwace.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- e:\windows\system32\dpl100.dll
2010-03-05 18:09 . 2010-03-05 18:09 -------- d-----w- e:\documents and settings\William\Local Settings\Application Data\Unity
2010-03-04 00:07 . 2010-02-12 10:03 293376 ------w- e:\windows\system32\browserchoice.exe
2010-03-03 18:07 . 2010-03-03 18:07 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Local Settings\Application Data\Unity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 12:43 . 2008-05-29 22:37 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\Azureus
2010-03-31 12:36 . 2008-10-06 20:18 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\BOC427
2010-03-31 11:49 . 2010-02-03 22:50 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\vlc
2010-03-28 15:39 . 2009-01-20 10:10 664 ----a-w- e:\windows\system32\d3d9caps.dat
2010-03-26 17:59 . 2008-10-06 20:29 -------- d-----w- e:\program files\a-squared Free
2010-03-25 17:59 . 2009-11-10 18:26 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\Blitware
2010-03-25 14:20 . 2008-05-21 17:06 77976 -c--a-w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-24 15:08 . 2009-08-16 02:15 -------- d-----w- e:\program files\MSBuild
2010-03-24 13:19 . 2005-12-22 23:51 -------- d-----w- e:\program files\microsoft frontpage
2010-03-22 21:08 . 2010-02-22 18:07 729088 ----a-w- e:\windows\iun6002.exe
2010-03-22 01:22 . 2005-12-23 00:14 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-03-22 01:16 . 2007-01-09 21:12 -------- d-----w- e:\program files\CyberLink
2010-03-22 01:11 . 2006-01-03 14:14 -------- d-----w- e:\program files\QuickTime
2010-03-20 18:11 . 2009-12-02 02:25 -------- d-----w- e:\program files\Pinnacle
2010-03-11 22:36 . 2008-06-03 07:26 81048 -c--a-w- e:\documents and settings\Scat.JAMES-ICD08K3FV\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 12:40 . 2010-02-23 09:31 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\FileZilla
2010-02-28 00:52 . 2010-02-28 00:43 -------- d-----w- e:\program files\Plone
2010-02-25 22:57 . 2010-02-25 22:57 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\FastStone
2010-02-25 22:56 . 2010-02-25 22:56 -------- d-----w- e:\program files\FastStone Photo Resizer
2010-02-23 09:28 . 2010-02-23 09:27 -------- d-----w- e:\program files\FileZilla FTP Client
2010-02-22 18:07 . 2010-02-22 18:06 -------- d-----w- e:\program files\Perl Express
2010-02-20 12:10 . 2010-02-20 12:10 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Application Data\EPSON
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- e:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- e:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- e:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- e:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- e:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- e:\windows\system32\divx_xx11.dll
2010-02-16 00:37 . 2007-01-26 18:15 -------- d-----w- e:\program files\Common Files\Adobe
2010-02-15 16:40 . 2010-02-15 16:40 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Application Data\ScanSoft
2010-02-07 12:03 . 2008-10-06 20:23 171552 ----a-w- e:\windows\system32\guard32.dll
2010-02-07 12:03 . 2008-10-06 20:23 134344 ----a-w- e:\windows\system32\drivers\cmdguard.sys
2010-02-03 21:40 . 2010-02-03 21:40 -------- d-----w- e:\program files\VideoLAN
2010-01-29 18:17 . 2008-10-06 20:23 87104 ----a-w- e:\windows\system32\drivers\inspect.sys
2010-01-29 18:17 . 2008-10-06 20:23 25160 ----a-w- e:\windows\system32\drivers\cmdhlp.sys
2010-01-09 20:56 . 2010-01-09 20:56 2560 ----a-w- e:\windows\_MSRSTRT.EXE
2009-12-31 16:50 . 2008-05-22 23:54 353792 ----a-w- e:\windows\system32\drivers\srv.sys
1996-12-02 18:44 . 1996-12-02 18:44 582144 -c--a-w- e:\program files\Common Files\dao350.dll
2008-01-30 04:30 . 2007-03-25 14:53 135680 ----a-w- e:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-21 16:56 . 2008-05-21 16:56 61 --sh--w- e:\windows\cnerolf.dat
2008-04-14 00:11 . 2008-05-22 23:54 65024 --sha-w- e:\windows\system32\asycfilt.dll
2003-10-01 00:00 . 2003-10-01 00:00 3584 --sha-w- e:\windows\system32\comcat.dll
2008-04-14 00:12 . 2008-05-22 23:54 1384479 --sha-w- e:\windows\system32\msvbvm60.dll
2008-04-14 00:12 . 2008-05-22 23:54 551936 --sha-w- e:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2008-05-22 23:54 84992 --sha-w- e:\windows\system32\olepro32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"RemoteCenter"="e:\program files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-09-04 135168]
"PC Suite Tray"="e:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTStartup"="e:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2002-09-13 49152]
"ATIPTA"="e:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"IntelliPoint"="e:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"BOC-427"="e:\progra~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]
"WinPatrol"="e:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"COMODO Firewall Pro"="e:\program files\Comodo\Firewall\cfp.exe" [2010-01-29 1800464]
"CTSysVol"="e:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 53248]
"CTDVDDet"="e:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-08-13 40960]
"COMODO Internet Security"="e:\program files\Comodo\Firewall\cfp.exe" [2010-01-29 1800464]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\E:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=e:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 12:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpfsched]
1998-09-23 21:42 35328 -c--a-w- e:\windows\hpfsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- e:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 -c--a-w- e:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-02-20 20:01 49152 -c--a-w- e:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 10:57 1451520 ----a-w- e:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 -c--a-w- e:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-03 22:37 68856 ----a-w- e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\program files\\games\\FS2004\\fs9.exe"=
"e:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\Program Files\\Azureus\\Azureus.exe"=
"e:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"e:\\Program Files\\BearShare Test\\BearShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\r60ket\\counter-strike source\\hl2.exe"=
"e:\\Documents and Settings\\James.JAMES-ICD08K3FV\\My Documents\\Azureus Downloads\\QuickSnooker V6.2 Portable.exe"=
"e:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\Program Files\\Poser\\Poser.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;e:\windows\system32\drivers\cmdguard.sys [06/10/2008 21:23 134344]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;e:\windows\system32\drivers\cmdhlp.sys [06/10/2008 21:23 25160]
R2 a2free;a-squared Free Service;e:\program files\a-squared Free\a2service.exe [06/10/2008 21:29 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [17/07/2009 17:42 108289]
R2 BOCore;BOCore;e:\program files\Comodo\CBOClean\BOCore.exe [06/10/2008 21:18 73464]
R2 HPFECP13;HPFECP13;e:\windows\system32\drivers\HPFecp13.sys [23/05/2008 01:39 52800]
R3 ctgame;Game Port;e:\windows\system32\drivers\ctgame.sys [30/12/2002 10:53 12160]
R3 DivioUSBDCam;CMOS 330K Rev. 2.19F;e:\windows\system32\drivers\pcam.sys [20/10/2000 15:21 178848]
S4 PDFProFiltSrv;PDFProFiltSrv;g:\program files\nuance\PDFProFiltSrv.exe [02/02/2008 02:20 144672]
S4 Zope_-1670881038;Zope instance at e:\program files\Plone\parts\instance;e:\program files\Plone\python\pythonservice.exe [28/02/2010 01:52 8704]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = socks=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.0 - g:\program files\nuance\cnvres_eng.dll /100
TCP: {58088A50-3CBA-445F-B424-5EADC63DC578} = 158.152.1.58,158.152.1.43
DPF: DirectAnimation Java Classes - file://e:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
FF - ProfilePath - e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\Mozilla\Firefox\Profiles\bzcve9bl.default\
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: e:\program files\Virtools\3D Life Player\nppl3260.dll
FF - plugin: e:\program files\Virtools\3D Life Player\nprpjplug.dll
FF - plugin: e:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: e:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-a033d7b8 - e:\windows\system32\jtcilwkw.dll
MSConfigStartUp-Adobe Reader Speed Launcher - e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-lphcchbj0e74g - e:\windows\system32\lphcchbj0e74g.exe
MSConfigStartUp-Nokia - e:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe
MSConfigStartUp-PcSync - e:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-SMrhc9hbj0e74g - e:\program files\rhc9hbj0e74g\rhc9hbj0e74g.exe
MSConfigStartUp-TomTomHOME - e:\program files\TomTom HOME 2\TomTomHOMERunner.exe
AddRemove-Ace Monkey English KS1 - The Fun House - f:\toms files\uninst.exe
AddRemove-CASTool 3.3 - e:\pfps\CASTool\CASTool.isu
AddRemove-Ease MP3 WAV Converter_is1 - e:\program files\WavtoMP3\mp3wavconverter\unins000.exe
AddRemove-Eusing Free Registry Cleaner - e:\progra~1\EUSING~1\UNWISE.EXE
AddRemove-Hand Held GPS - e:\pfps\HandHeld\HANDHELD_UNINSTAL.isu
AddRemove-HijackThis - e:\documents and settings\James.JAMES-ICD08K3FV\Desktop\HijackThis.exe
AddRemove-HP DeskJet 710C Series - e:\program files\HP DeskJet 710C Series\hpfiui.exe
AddRemove-Roster Folder_is1 - e:\program files\Roster2go\Roster\unins000.exe
AddRemove-TaskView 3.3.1 - e:\pfps\TaskView3.3\TVUninst.isu
AddRemove-TimeLine - e:\pfps\TLTUninst.isu
AddRemove-XLCalendar_is1 - e:\program files\LJZsoft\XLCalendar\unins000.exe
AddRemove-Zzaph - e:\program files\Zzaph\uninst.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = "e:\program files\Creative\Splash Screen\CTEaxSpl.EXE" /run?Z?A~d???*?A~????????????????h?@?x?????B~D??????sx??sU???????y??w????@@@????|D@@?????>??w?????C??H??????|???|???????|L(?s?C???????/?s????????D???????????????????,????????????+?s@@@?D???`|?w??????@

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
e:\windows\system32\guard32.dll
e:\windows\system32\WININET.dll
e:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(872)
e:\windows\system32\guard32.dll
e:\windows\system32\WININET.dll
.
Completion time: 2010-03-31 14:15:15
ComboFix-quarantined-files.txt 2010-03-31 13:15

Pre-Run: 4,145,692,672 bytes free
Post-Run: 6,616,719,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect y

- - End Of File - - 9DA7DF53ABFE9878E6A162CAE25DC997


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,066 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:50 AM

Posted 31 March 2010 - 08:56 AM

Your log shows you are using a proxy to connect to the internet. Can you confirm this? (I am asking because some malware sets a proxy server without a user knowing.)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft
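
The check described in post #9, as an added example (not part of the thread, and not ComboFix's or DDS's own code): a small Python triage that pulls the proxy-related lines out of a pasted log and splits the `ProxyServer` value into its per-protocol entries. The function names and the second sample log are constructed for illustration; the first sample reuses lines from the log above.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "source scheme endpoint note")

# Line shapes as they appear in the log above.
IE_PROXY = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(.*)$")
FF_PREF = re.compile(r"^FF - user\.js: (network\.proxy\.\S+) -\s*(.*)$")
FF_PROTOCOLS = ("http", "ssl", "ftp", "socks")


def parse_proxy_server(value):
    """Split a WinINet ProxyServer string into {scheme: endpoint}.

    The value is either a bare "host:port" (used for every protocol, stored
    here under the key "all") or a ';'-separated list of "scheme=host:port".
    """
    entries = {}
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, endpoint = part.split("=", 1)
            entries[scheme.strip().lower()] = endpoint.strip()
        else:
            entries["all"] = part
    return entries


def triage_proxy(log_text):
    """Return a list of Finding tuples for proxy settings seen in the log."""
    findings = []
    ff = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_PROXY.match(line)
        if m:
            for scheme, endpoint in parse_proxy_server(m.group(1)).items():
                # Whether WinINet actually uses the entry depends on the
                # ProxyEnable value, which this log line does not show.
                note = "endpoint set" if endpoint else "entry present, no endpoint"
                findings.append(Finding("wininet", scheme, endpoint, note))
            continue
        m = FF_PREF.match(line)
        if m:
            ff[m.group(1)] = m.group(2).strip()

    # Firefox only honours the host/port prefs when network.proxy.type is 1
    # (manual proxy configuration); 0 means a direct connection.
    manual = ff.get("network.proxy.type") == "1"
    for proto in FF_PROTOCOLS:
        host = ff.get("network.proxy." + proto, "")
        port = ff.get("network.proxy.%s_port" % proto, "0")
        if host:
            note = "manual mode (type 1)" if manual else "stored, type is not 1"
            findings.append(Finding("firefox", proto, "%s:%s" % (host, port), note))
    return findings


# Lines copied from the log in this thread.
PAGE_LINES = """\
uInternet Settings,ProxyServer = socks=
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
"""

# Constructed sample (not from the thread): a populated proxy on both sides.
CONSTRUCTED_LINES = """\
uInternet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080
FF - user.js: network.proxy.type - 1
FF - user.js: network.proxy.http - 127.0.0.1
FF - user.js: network.proxy.http_port - 8080
"""

if __name__ == "__main__":
    for label, text in (("thread log", PAGE_LINES), ("constructed", CONSTRUCTED_LINES)):
        print(label)
        for f in triage_proxy(text):
            print("  %-8s %-6s %-16s %s" % (f.source, f.scheme, f.endpoint or "-", f.note))
```

On the thread's own lines this reports a single WinINet `socks` entry with no endpoint, which is the line the helper asks about, and nothing for Firefox because every `network.proxy.*` host is empty.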


#10 siriusfire

siriusfire
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:08:50 AM

Posted 31 March 2010 - 09:14 AM

I am not intentionally using a proxy - no!

James

#11 Elise

Posted 31 March 2010 - 09:22 AM

Hello siriusfire,

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
CODE
DDS::
uInternet Settings,ProxyServer = socks=

Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • Combofix.txt
  • MBAM log

regards, Elise




#12 siriusfire

Posted 31 March 2010 - 04:02 PM

ComboFix Log:


ComboFix 10-03-29.04 - James 31/03/2010 15:36:33.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.542 [GMT 1:00]
Running from: e:\documents and settings\James.JAMES-ICD08K3FV\Desktop\gmer\ComboFix.exe
Command switches used :: e:\documents and settings\James.JAMES-ICD08K3FV\Desktop\gmer\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-29 15:52 . 2010-03-29 15:52 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Application Data\WinPatrol
2010-03-28 02:02 . 2010-03-28 02:02 552 ----a-w- e:\windows\system32\d3d8caps.dat
2010-03-28 02:02 . 2010-03-28 02:02 -------- d-----w- e:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Adobe
2010-03-27 01:09 . 2010-03-27 01:09 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\DivX
2010-03-27 00:27 . 2010-03-27 00:41 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\AISchedule
2010-03-27 00:26 . 2010-03-27 00:40 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Deployment
2010-03-26 18:29 . 2010-03-26 18:39 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-03-26 18:29 . 2010-03-26 18:34 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-03-26 12:00 . 2010-01-07 16:07 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-03-26 12:00 . 2010-03-26 12:00 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-03-26 12:00 . 2010-01-07 16:07 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-03-25 03:39 . 2010-03-25 03:39 -------- d-----w- e:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-25 03:11 . 2010-03-25 03:11 -------- d-----w- e:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft Help
2010-03-24 23:51 . 2010-03-24 23:51 -------- d-----w- e:\program files\Common Files\DivX Shared
2010-03-24 23:49 . 2010-03-24 23:52 -------- d-----w- e:\program files\DivX
2010-03-24 23:48 . 2010-03-24 23:57 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\DivX
2010-03-24 15:13 . 2006-10-26 19:56 33104 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-24 15:13 . 2008-11-10 11:41 32656 ----a-w- e:\windows\system32\msonpmon.dll
2010-03-24 15:09 . 2010-03-25 03:18 -------- d-----w- e:\program files\Microsoft Works
2010-03-24 14:54 . 2010-03-24 15:22 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-03-24 14:52 . 2010-03-24 14:52 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Microsoft Help
2010-03-24 14:51 . 2010-03-30 00:11 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-03-24 14:46 . 2010-03-24 14:46 -------- d-----r- E:\MSOCache
2010-03-23 14:16 . 2010-03-23 14:16 -------- d-----w- e:\program files\Verity
2010-03-22 11:56 . 2010-03-22 11:56 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Apple Computer
2010-03-22 01:53 . 2010-03-22 02:10 -------- d-----w- e:\documents and settings\All Users.WINDOWS\CyberLink
2010-03-22 01:24 . 2010-03-22 01:24 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\CyberLink
2010-03-22 01:24 . 2010-03-22 01:24 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\CyberLink
2010-03-22 01:19 . 2010-03-22 01:19 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Temp
2010-03-22 01:12 . 2010-03-22 01:14 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2010-03-22 01:12 . 2010-03-22 01:12 -------- d-----w- e:\program files\SmartSound Software
2010-03-22 01:08 . 2010-03-22 01:08 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-03-20 01:48 . 1995-08-15 01:00 57328 ----a-w- e:\windows\system\OLE2CONV.DLL
2010-03-20 01:48 . 1995-08-15 01:00 51712 ----a-w- e:\windows\system\OLE2PROX.DLL
2010-03-20 01:48 . 1995-08-15 01:00 304640 ----a-w- e:\windows\system\OLE2.DLL
2010-03-20 01:48 . 1995-08-15 01:00 28113 ----a-w- e:\windows\system\OLE2.REG
2010-03-20 01:48 . 1995-08-15 01:00 177824 ----a-w- e:\windows\system\TYPELIB.DLL
2010-03-20 01:48 . 1995-08-15 01:00 164960 ----a-w- e:\windows\system\OLE2DISP.DLL
2010-03-20 01:48 . 1995-08-15 01:00 157696 ----a-w- e:\windows\system\STORAGE.DLL
2010-03-20 01:48 . 1995-08-15 01:00 152976 ----a-w- e:\windows\system\OLE2NLS.DLL
2010-03-20 01:48 . 1995-08-09 01:00 536048 ----a-w- e:\windows\system\OC25.DLL
2010-03-20 01:48 . 1995-08-15 01:00 109056 ----a-w- e:\windows\system\COMPOBJ.DLL
2010-03-20 01:48 . 2010-03-20 01:48 -------- d-----w- e:\program files\Asymetrix
2010-03-20 01:48 . 1997-04-08 20:08 299520 ----a-w- e:\windows\uninst.exe
2010-03-11 14:19 . 2009-10-23 15:28 3558912 -c----w- e:\windows\system32\dllcache\moviemk.exe
2010-03-08 23:24 . 2009-03-10 23:25 191488 ------w- e:\windows\system32\mwgfx.dll
2010-03-08 23:24 . 2008-10-20 13:44 237056 ------w- e:\windows\system32\mwgfx24.dll
2010-03-08 23:24 . 2008-09-05 08:32 104960 ------w- e:\windows\system32\mwdds.dll
2010-03-08 23:24 . 2007-08-19 09:37 28672 ------w- e:\windows\system32\mwgfxcopy.exe
2010-03-08 23:24 . 2004-05-14 11:13 56832 ------w- e:\windows\system32\mwace.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- e:\windows\system32\dpl100.dll
2010-03-05 18:09 . 2010-03-05 18:09 -------- d-----w- e:\documents and settings\William\Local Settings\Application Data\Unity
2010-03-04 00:07 . 2010-02-12 10:03 293376 ------w- e:\windows\system32\browserchoice.exe
2010-03-03 18:07 . 2010-03-03 18:07 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Local Settings\Application Data\Unity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 13:54 . 2010-02-03 22:50 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\vlc
2010-03-31 12:43 . 2008-05-29 22:37 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\Azureus
2010-03-31 12:36 . 2008-10-06 20:18 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\BOC427
2010-03-28 15:39 . 2009-01-20 10:10 664 ----a-w- e:\windows\system32\d3d9caps.dat
2010-03-26 17:59 . 2008-10-06 20:29 -------- d-----w- e:\program files\a-squared Free
2010-03-25 17:59 . 2009-11-10 18:26 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\Blitware
2010-03-25 14:20 . 2008-05-21 17:06 77976 -c--a-w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-24 15:08 . 2009-08-16 02:15 -------- d-----w- e:\program files\MSBuild
2010-03-24 13:19 . 2005-12-22 23:51 -------- d-----w- e:\program files\microsoft frontpage
2010-03-22 21:08 . 2010-02-22 18:07 729088 ----a-w- e:\windows\iun6002.exe
2010-03-22 01:22 . 2005-12-23 00:14 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-03-22 01:16 . 2007-01-09 21:12 -------- d-----w- e:\program files\CyberLink
2010-03-22 01:11 . 2006-01-03 14:14 -------- d-----w- e:\program files\QuickTime
2010-03-20 18:11 . 2009-12-02 02:25 -------- d-----w- e:\program files\Pinnacle
2010-03-11 22:36 . 2008-06-03 07:26 81048 -c--a-w- e:\documents and settings\Scat.JAMES-ICD08K3FV\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 12:40 . 2010-02-23 09:31 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\FileZilla
2010-02-28 00:52 . 2010-02-28 00:43 -------- d-----w- e:\program files\Plone
2010-02-25 22:57 . 2010-02-25 22:57 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\FastStone
2010-02-25 22:56 . 2010-02-25 22:56 -------- d-----w- e:\program files\FastStone Photo Resizer
2010-02-23 09:28 . 2010-02-23 09:27 -------- d-----w- e:\program files\FileZilla FTP Client
2010-02-22 18:07 . 2010-02-22 18:06 -------- d-----w- e:\program files\Perl Express
2010-02-20 12:10 . 2010-02-20 12:10 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Application Data\EPSON
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- e:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- e:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- e:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- e:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- e:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- e:\windows\system32\divx_xx11.dll
2010-02-16 00:37 . 2007-01-26 18:15 -------- d-----w- e:\program files\Common Files\Adobe
2010-02-15 16:40 . 2010-02-15 16:40 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Application Data\ScanSoft
2010-02-07 12:03 . 2008-10-06 20:23 171552 ----a-w- e:\windows\system32\guard32.dll
2010-02-07 12:03 . 2008-10-06 20:23 134344 ----a-w- e:\windows\system32\drivers\cmdguard.sys
2010-02-03 21:40 . 2010-02-03 21:40 -------- d-----w- e:\program files\VideoLAN
2010-01-29 18:17 . 2008-10-06 20:23 87104 ----a-w- e:\windows\system32\drivers\inspect.sys
2010-01-29 18:17 . 2008-10-06 20:23 25160 ----a-w- e:\windows\system32\drivers\cmdhlp.sys
2010-01-09 20:56 . 2010-01-09 20:56 2560 ----a-w- e:\windows\_MSRSTRT.EXE
2009-12-31 16:50 . 2008-05-22 23:54 353792 ----a-w- e:\windows\system32\drivers\srv.sys
1996-12-02 18:44 . 1996-12-02 18:44 582144 -c--a-w- e:\program files\Common Files\dao350.dll
2008-01-30 04:30 . 2007-03-25 14:53 135680 ----a-w- e:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-21 16:56 . 2008-05-21 16:56 61 --sh--w- e:\windows\cnerolf.dat
2008-04-14 00:11 . 2008-05-22 23:54 65024 --sha-w- e:\windows\system32\asycfilt.dll
2003-10-01 00:00 . 2003-10-01 00:00 3584 --sha-w- e:\windows\system32\comcat.dll
2008-04-14 00:12 . 2008-05-22 23:54 1384479 --sha-w- e:\windows\system32\msvbvm60.dll
2008-04-14 00:12 . 2008-05-22 23:54 551936 --sha-w- e:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2008-05-22 23:54 84992 --sha-w- e:\windows\system32\olepro32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"RemoteCenter"="e:\program files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-09-04 135168]
"PC Suite Tray"="e:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTStartup"="e:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2002-09-13 49152]
"ATIPTA"="e:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"IntelliPoint"="e:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"BOC-427"="e:\progra~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]
"WinPatrol"="e:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"COMODO Firewall Pro"="e:\program files\Comodo\Firewall\cfp.exe" [2010-01-29 1800464]
"CTSysVol"="e:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 53248]
"CTDVDDet"="e:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-08-13 40960]
"COMODO Internet Security"="e:\program files\Comodo\Firewall\cfp.exe" [2010-01-29 1800464]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\E:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=e:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 12:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpfsched]
1998-09-23 21:42 35328 -c--a-w- e:\windows\hpfsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- e:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 -c--a-w- e:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-02-20 20:01 49152 -c--a-w- e:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 10:57 1451520 ----a-w- e:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 -c--a-w- e:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-03 22:37 68856 ----a-w- e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\program files\\games\\FS2004\\fs9.exe"=
"e:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\Program Files\\Azureus\\Azureus.exe"=
"e:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"e:\\Program Files\\BearShare Test\\BearShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\r60ket\\counter-strike source\\hl2.exe"=
"e:\\Documents and Settings\\James.JAMES-ICD08K3FV\\My Documents\\Azureus Downloads\\QuickSnooker V6.2 Portable.exe"=
"e:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\Program Files\\Poser\\Poser.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;e:\windows\system32\drivers\cmdguard.sys [06/10/2008 21:23 134344]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;e:\windows\system32\drivers\cmdhlp.sys [06/10/2008 21:23 25160]
R2 a2free;a-squared Free Service;e:\program files\a-squared Free\a2service.exe [06/10/2008 21:29 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [17/07/2009 17:42 108289]
R2 BOCore;BOCore;e:\program files\Comodo\CBOClean\BOCore.exe [06/10/2008 21:18 73464]
R2 HPFECP13;HPFECP13;e:\windows\system32\drivers\HPFecp13.sys [23/05/2008 01:39 52800]
R3 ctgame;Game Port;e:\windows\system32\drivers\ctgame.sys [30/12/2002 10:53 12160]
R3 DivioUSBDCam;CMOS 330K Rev. 2.19F;e:\windows\system32\drivers\pcam.sys [20/10/2000 15:21 178848]
S4 PDFProFiltSrv;PDFProFiltSrv;g:\program files\nuance\PDFProFiltSrv.exe [02/02/2008 02:20 144672]
S4 Zope_-1670881038;Zope instance at e:\program files\Plone\parts\instance;e:\program files\Plone\python\pythonservice.exe [28/02/2010 01:52 8704]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.0 - g:\program files\nuance\cnvres_eng.dll /100
TCP: {58088A50-3CBA-445F-B424-5EADC63DC578} = 158.152.1.58,158.152.1.43
DPF: DirectAnimation Java Classes - file://e:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
FF - ProfilePath - e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\Mozilla\Firefox\Profiles\bzcve9bl.default\
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: e:\program files\Virtools\3D Life Player\nppl3260.dll
FF - plugin: e:\program files\Virtools\3D Life Player\nprpjplug.dll
FF - plugin: e:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: e:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 15:50
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = "e:\program files\Creative\Splash Screen\CTEaxSpl.EXE" /run?Z?A~d???*?A~????????F???????h?@?x?????B~D??????sx??s????????y??w????@@@????|D@@?????>??w?????C??H??????|???|???????|L(?s?C???????/?s????????D???????????????????,????????????+?s@@@?D???`|?w??????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
e:\windows\system32\guard32.dll
e:\windows\system32\WININET.dll
e:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(928)
e:\windows\system32\guard32.dll
e:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3016)
e:\windows\system32\WININET.dll
e:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
e:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-03-31 15:55:12
ComboFix-quarantined-files.txt 2010-03-31 14:55
ComboFix2.txt 2010-03-31 13:15

Pre-Run: 6,512,676,864 bytes free
Post-Run: 6,443,155,456 bytes free

- - End Of File - - FA455E8F16ACC2AC7B8A9B0C88FAD71E


-------------------------------------------------------------------------------------------------------------------------------------------------------

MBAM Log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3937

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31/03/2010 19:54:35
mbam-log-2010-03-31 (19-54-35).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 719989
Time elapsed: 2 hour(s), 48 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
F:\New Folder\New Folder\New Folder (2)\AntiWPA_Crypt.dll (Hacktool) -> Quarantined and deleted successfully.
F:\New Folder\New Folder\New Folder (2)\bluelist_xp_keygen\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
G:\program files\nova\NovaOgl.exe (Spyware.Passwords) -> Quarantined and deleted successfully.


Thanks



#13 Elise

Posted 01 April 2010 - 05:20 AM

Hello, there was no need to re-run Combofix; I need to see the log you will find at c:\qoobox\combofix2.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#14 siriusfire

Posted 01 April 2010 - 05:40 AM

ComboFix2.txt:

ComboFix 10-03-29.04 - James 31/03/2010 13:46:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.257 [GMT 1:00]
Running from: e:\documents and settings\James.JAMES-ICD08K3FV\Desktop\gmer\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\program files\Internet Explorer\SET668.tmp
e:\program files\Internet Explorer\SET750.tmp
e:\recycler\S-1-5-21-2000478354-1682526488-725345543-1001
e:\windows\eSellerateEngine.dll
e:\windows\system32\MDT2FW95.DLL
e:\windows\system32\RrXaIRqr.ini
e:\windows\system32\Thumbs.db
e:\windows\system32\wkwlictj.ini
e:\windows\system32\zip32.dll
G:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-29 15:52 . 2010-03-29 15:52 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Application Data\WinPatrol
2010-03-28 02:02 . 2010-03-28 02:02 552 ----a-w- e:\windows\system32\d3d8caps.dat
2010-03-28 02:02 . 2010-03-28 02:02 -------- d-----w- e:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\Adobe
2010-03-27 01:09 . 2010-03-27 01:09 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\DivX
2010-03-27 00:27 . 2010-03-27 00:41 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\AISchedule
2010-03-27 00:26 . 2010-03-27 00:40 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Deployment
2010-03-26 18:29 . 2010-03-26 18:39 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-03-26 18:29 . 2010-03-26 18:34 -------- d-----w- e:\program files\Spybot - Search & Destroy
2010-03-26 12:00 . 2010-01-07 16:07 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-03-26 12:00 . 2010-03-26 12:00 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-03-26 12:00 . 2010-01-07 16:07 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-03-25 03:39 . 2010-03-25 03:39 -------- d-----w- e:\program files\Microsoft CAPICOM 2.1.0.2
2010-03-25 03:11 . 2010-03-25 03:11 -------- d-----w- e:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft Help
2010-03-24 23:51 . 2010-03-24 23:51 -------- d-----w- e:\program files\Common Files\DivX Shared
2010-03-24 23:49 . 2010-03-24 23:52 -------- d-----w- e:\program files\DivX
2010-03-24 23:48 . 2010-03-24 23:57 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\DivX
2010-03-24 15:13 . 2006-10-26 19:56 33104 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-24 15:13 . 2008-11-10 11:41 32656 ----a-w- e:\windows\system32\msonpmon.dll
2010-03-24 15:09 . 2010-03-25 03:18 -------- d-----w- e:\program files\Microsoft Works
2010-03-24 14:54 . 2010-03-24 15:22 -------- d-----w- e:\program files\Microsoft Visual Studio 8
2010-03-24 14:52 . 2010-03-24 14:52 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Microsoft Help
2010-03-24 14:51 . 2010-03-30 00:11 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-03-24 14:46 . 2010-03-24 14:46 -------- d-----r- E:\MSOCache
2010-03-23 14:16 . 2010-03-23 14:16 -------- d-----w- e:\program files\Verity
2010-03-22 11:56 . 2010-03-22 11:56 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\Apple Computer
2010-03-22 01:53 . 2010-03-22 02:10 -------- d-----w- e:\documents and settings\All Users.WINDOWS\CyberLink
2010-03-22 01:24 . 2010-03-22 01:24 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\CyberLink
2010-03-22 01:24 . 2010-03-22 01:24 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\CyberLink
2010-03-22 01:19 . 2010-03-22 01:19 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Temp
2010-03-22 01:12 . 2010-03-22 01:14 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2010-03-22 01:12 . 2010-03-22 01:12 -------- d-----w- e:\program files\SmartSound Software
2010-03-22 01:08 . 2010-03-22 01:08 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2010-03-20 01:48 . 1995-08-15 01:00 57328 ----a-w- e:\windows\system\OLE2CONV.DLL
2010-03-20 01:48 . 1995-08-15 01:00 51712 ----a-w- e:\windows\system\OLE2PROX.DLL
2010-03-20 01:48 . 1995-08-15 01:00 304640 ----a-w- e:\windows\system\OLE2.DLL
2010-03-20 01:48 . 1995-08-15 01:00 28113 ----a-w- e:\windows\system\OLE2.REG
2010-03-20 01:48 . 1995-08-15 01:00 177824 ----a-w- e:\windows\system\TYPELIB.DLL
2010-03-20 01:48 . 1995-08-15 01:00 164960 ----a-w- e:\windows\system\OLE2DISP.DLL
2010-03-20 01:48 . 1995-08-15 01:00 157696 ----a-w- e:\windows\system\STORAGE.DLL
2010-03-20 01:48 . 1995-08-15 01:00 152976 ----a-w- e:\windows\system\OLE2NLS.DLL
2010-03-20 01:48 . 1995-08-09 01:00 536048 ----a-w- e:\windows\system\OC25.DLL
2010-03-20 01:48 . 1995-08-15 01:00 109056 ----a-w- e:\windows\system\COMPOBJ.DLL
2010-03-20 01:48 . 2010-03-20 01:48 -------- d-----w- e:\program files\Asymetrix
2010-03-20 01:48 . 1997-04-08 20:08 299520 ----a-w- e:\windows\uninst.exe
2010-03-11 14:19 . 2009-10-23 15:28 3558912 -c----w- e:\windows\system32\dllcache\moviemk.exe
2010-03-08 23:24 . 2009-03-10 23:25 191488 ------w- e:\windows\system32\mwgfx.dll
2010-03-08 23:24 . 2008-10-20 13:44 237056 ------w- e:\windows\system32\mwgfx24.dll
2010-03-08 23:24 . 2008-09-05 08:32 104960 ------w- e:\windows\system32\mwdds.dll
2010-03-08 23:24 . 2007-08-19 09:37 28672 ------w- e:\windows\system32\mwgfxcopy.exe
2010-03-08 23:24 . 2004-05-14 11:13 56832 ------w- e:\windows\system32\mwace.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- e:\windows\system32\dpl100.dll
2010-03-05 18:09 . 2010-03-05 18:09 -------- d-----w- e:\documents and settings\William\Local Settings\Application Data\Unity
2010-03-04 00:07 . 2010-02-12 10:03 293376 ------w- e:\windows\system32\browserchoice.exe
2010-03-03 18:07 . 2010-03-03 18:07 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Local Settings\Application Data\Unity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 12:43 . 2008-05-29 22:37 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\Azureus
2010-03-31 12:36 . 2008-10-06 20:18 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\BOC427
2010-03-31 11:49 . 2010-02-03 22:50 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\vlc
2010-03-28 15:39 . 2009-01-20 10:10 664 ----a-w- e:\windows\system32\d3d9caps.dat
2010-03-26 17:59 . 2008-10-06 20:29 -------- d-----w- e:\program files\a-squared Free
2010-03-25 17:59 . 2009-11-10 18:26 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\Blitware
2010-03-25 14:20 . 2008-05-21 17:06 77976 -c--a-w- e:\documents and settings\James.JAMES-ICD08K3FV\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-24 15:08 . 2009-08-16 02:15 -------- d-----w- e:\program files\MSBuild
2010-03-24 13:19 . 2005-12-22 23:51 -------- d-----w- e:\program files\microsoft frontpage
2010-03-22 21:08 . 2010-02-22 18:07 729088 ----a-w- e:\windows\iun6002.exe
2010-03-22 01:22 . 2005-12-23 00:14 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-03-22 01:16 . 2007-01-09 21:12 -------- d-----w- e:\program files\CyberLink
2010-03-22 01:11 . 2006-01-03 14:14 -------- d-----w- e:\program files\QuickTime
2010-03-20 18:11 . 2009-12-02 02:25 -------- d-----w- e:\program files\Pinnacle
2010-03-11 22:36 . 2008-06-03 07:26 81048 -c--a-w- e:\documents and settings\Scat.JAMES-ICD08K3FV\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 12:40 . 2010-02-23 09:31 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\FileZilla
2010-02-28 00:52 . 2010-02-28 00:43 -------- d-----w- e:\program files\Plone
2010-02-25 22:57 . 2010-02-25 22:57 -------- d-----w- e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\FastStone
2010-02-25 22:56 . 2010-02-25 22:56 -------- d-----w- e:\program files\FastStone Photo Resizer
2010-02-23 09:28 . 2010-02-23 09:27 -------- d-----w- e:\program files\FileZilla FTP Client
2010-02-22 18:07 . 2010-02-22 18:06 -------- d-----w- e:\program files\Perl Express
2010-02-20 12:10 . 2010-02-20 12:10 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Application Data\EPSON
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- e:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- e:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- e:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- e:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- e:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- e:\windows\system32\divx_xx11.dll
2010-02-16 00:37 . 2007-01-26 18:15 -------- d-----w- e:\program files\Common Files\Adobe
2010-02-15 16:40 . 2010-02-15 16:40 -------- d-----w- e:\documents and settings\Tom.JAMES-ICD08K3FV\Application Data\ScanSoft
2010-02-07 12:03 . 2008-10-06 20:23 171552 ----a-w- e:\windows\system32\guard32.dll
2010-02-07 12:03 . 2008-10-06 20:23 134344 ----a-w- e:\windows\system32\drivers\cmdguard.sys
2010-02-03 21:40 . 2010-02-03 21:40 -------- d-----w- e:\program files\VideoLAN
2010-01-29 18:17 . 2008-10-06 20:23 87104 ----a-w- e:\windows\system32\drivers\inspect.sys
2010-01-29 18:17 . 2008-10-06 20:23 25160 ----a-w- e:\windows\system32\drivers\cmdhlp.sys
2010-01-09 20:56 . 2010-01-09 20:56 2560 ----a-w- e:\windows\_MSRSTRT.EXE
2009-12-31 16:50 . 2008-05-22 23:54 353792 ----a-w- e:\windows\system32\drivers\srv.sys
1996-12-02 18:44 . 1996-12-02 18:44 582144 -c--a-w- e:\program files\Common Files\dao350.dll
2008-01-30 04:30 . 2007-03-25 14:53 135680 ----a-w- e:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-21 16:56 . 2008-05-21 16:56 61 --sh--w- e:\windows\cnerolf.dat
2008-04-14 00:11 . 2008-05-22 23:54 65024 --sha-w- e:\windows\system32\asycfilt.dll
2003-10-01 00:00 . 2003-10-01 00:00 3584 --sha-w- e:\windows\system32\comcat.dll
2008-04-14 00:12 . 2008-05-22 23:54 1384479 --sha-w- e:\windows\system32\msvbvm60.dll
2008-04-14 00:12 . 2008-05-22 23:54 551936 --sha-w- e:\windows\system32\oleaut32.dll
2008-04-14 00:12 . 2008-05-22 23:54 84992 --sha-w- e:\windows\system32\olepro32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 68856]
"RemoteCenter"="e:\program files\Creative\MediaSource\RemoteControl\RcMan.exe" [2002-09-04 135168]
"PC Suite Tray"="e:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTStartup"="e:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2002-09-13 49152]
"ATIPTA"="e:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"IntelliPoint"="e:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"BOC-427"="e:\progra~1\Comodo\CBOClean\BOC427.exe" [2008-07-14 351480]
"WinPatrol"="e:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-09-19 333120]
"COMODO Firewall Pro"="e:\program files\Comodo\Firewall\cfp.exe" [2010-01-29 1800464]
"CTSysVol"="e:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-09-11 53248]
"CTDVDDet"="e:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-08-13 40960]
"COMODO Internet Security"="e:\program files\Comodo\Firewall\cfp.exe" [2010-01-29 1800464]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="e:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=e:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\E:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=e:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=e:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 12:39 1289000 ----a-w- e:\program files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpfsched]
1998-09-23 21:42 35328 -c--a-w- e:\windows\hpfsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- e:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 -c--a-w- e:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-02-20 20:01 49152 -c--a-w- e:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 10:57 1451520 ----a-w- e:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 04:19 148888 -c--a-w- e:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-04-03 22:37 68856 ----a-w- e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"g:\\program files\\games\\FS2004\\fs9.exe"=
"e:\\WINDOWS\\system32\\dpnsvr.exe"=
"e:\\Program Files\\Azureus\\Azureus.exe"=
"e:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"e:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"e:\\Program Files\\BearShare Test\\BearShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"e:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Program Files\\Valve\\Steam\\SteamApps\\r60ket\\counter-strike source\\hl2.exe"=
"e:\\Documents and Settings\\James.JAMES-ICD08K3FV\\My Documents\\Azureus Downloads\\QuickSnooker V6.2 Portable.exe"=
"e:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"e:\program files\Microsoft ActiveSync\rapimgr.exe"= e:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\program files\Microsoft ActiveSync\wcescomm.exe"= e:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\program files\Microsoft ActiveSync\WCESMgr.exe"= e:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"e:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"f:\\Program Files\\Poser\\Poser.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;e:\windows\system32\drivers\cmdguard.sys [06/10/2008 21:23 134344]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;e:\windows\system32\drivers\cmdhlp.sys [06/10/2008 21:23 25160]
R2 a2free;a-squared Free Service;e:\program files\a-squared Free\a2service.exe [06/10/2008 21:29 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;e:\program files\Avira\AntiVir Desktop\sched.exe [17/07/2009 17:42 108289]
R2 BOCore;BOCore;e:\program files\Comodo\CBOClean\BOCore.exe [06/10/2008 21:18 73464]
R2 HPFECP13;HPFECP13;e:\windows\system32\drivers\HPFecp13.sys [23/05/2008 01:39 52800]
R3 ctgame;Game Port;e:\windows\system32\drivers\ctgame.sys [30/12/2002 10:53 12160]
R3 DivioUSBDCam;CMOS 330K Rev. 2.19F;e:\windows\system32\drivers\pcam.sys [20/10/2000 15:21 178848]
S4 PDFProFiltSrv;PDFProFiltSrv;g:\program files\nuance\PDFProFiltSrv.exe [02/02/2008 02:20 144672]
S4 Zope_-1670881038;Zope instance at e:\program files\Plone\parts\instance;e:\program files\Plone\python\pythonservice.exe [28/02/2010 01:52 8704]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = socks=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.0 - g:\program files\nuance\cnvres_eng.dll /100
TCP: {58088A50-3CBA-445F-B424-5EADC63DC578} = 158.152.1.58,158.152.1.43
DPF: DirectAnimation Java Classes - file://e:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://e:\windows\Java\classes\xmldso.cab
FF - ProfilePath - e:\documents and settings\James.JAMES-ICD08K3FV\Application Data\Mozilla\Firefox\Profiles\bzcve9bl.default\
FF - plugin: e:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: e:\program files\Virtools\3D Life Player\nppl3260.dll
FF - plugin: e:\program files\Virtools\3D Life Player\nprpjplug.dll
FF - plugin: e:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: e:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl -
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp -
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher -
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks -
FF - user.js: network.proxy.socks_port - 0
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-a033d7b8 - e:\windows\system32\jtcilwkw.dll
MSConfigStartUp-Adobe Reader Speed Launcher - e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-lphcchbj0e74g - e:\windows\system32\lphcchbj0e74g.exe
MSConfigStartUp-Nokia - e:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe
MSConfigStartUp-PcSync - e:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-SMrhc9hbj0e74g - e:\program files\rhc9hbj0e74g\rhc9hbj0e74g.exe
MSConfigStartUp-TomTomHOME - e:\program files\TomTom HOME 2\TomTomHOMERunner.exe
AddRemove-Ace Monkey English KS1 - The Fun House - f:\toms files\uninst.exe
AddRemove-CASTool 3.3 - e:\pfps\CASTool\CASTool.isu
AddRemove-Ease MP3 WAV Converter_is1 - e:\program files\WavtoMP3\mp3wavconverter\unins000.exe
AddRemove-Eusing Free Registry Cleaner - e:\progra~1\EUSING~1\UNWISE.EXE
AddRemove-Hand Held GPS - e:\pfps\HandHeld\HANDHELD_UNINSTAL.isu
AddRemove-HijackThis - e:\documents and settings\James.JAMES-ICD08K3FV\Desktop\HijackThis.exe
AddRemove-HP DeskJet 710C Series - e:\program files\HP DeskJet 710C Series\hpfiui.exe
AddRemove-Roster Folder_is1 - e:\program files\Roster2go\Roster\unins000.exe
AddRemove-TaskView 3.3.1 - e:\pfps\TaskView3.3\TVUninst.isu
AddRemove-TimeLine - e:\pfps\TLTUninst.isu
AddRemove-XLCalendar_is1 - e:\program files\LJZsoft\XLCalendar\unins000.exe
AddRemove-Zzaph - e:\program files\Zzaph\uninst.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = "e:\program files\Creative\Splash Screen\CTEaxSpl.EXE" /run?Z?A~d???*?A~????????????????h?@?x?????B~D??????sx??sU???????y??w????@@@????|D@@?????>??w?????C??H??????|???|???????|L(?s?C???????/?s????????D???????????????????,????????????+?s@@@?D???`|?w??????@

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
e:\windows\system32\guard32.dll
e:\windows\system32\WININET.dll
e:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(872)
e:\windows\system32\guard32.dll
e:\windows\system32\WININET.dll
.
Completion time: 2010-03-31 14:15:15
ComboFix-quarantined-files.txt 2010-03-31 13:15

Pre-Run: 4,145,692,672 bytes free
Post-Run: 6,616,719,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect y

- - End Of File - - 9DA7DF53ABFE9878E6A162CAE25DC997


#15 Elise

Posted 01 April 2010 - 07:08 AM

Hello again,

My apologies for the last post I made. I mistakenly posted a reply in the wrong topic (happens when I am having a major spring cleaning and reply to logs in the meantime).



UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 19.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
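The Java clean-up in the post above can be checked against a list of installed entries. The following is an added example, not part of the original post or of any tool named in this thread: it parses Java version strings (the DDS `BrowserJavaVersion` form and Add/Remove Programs display names) and sorts them into current, outdated but covered by the installer's built-in uninstaller, and outdated needing manual removal. The sample names are constructed, and reading "Updates 10 and above" as Java 6 Update 10 and later is an assumption.

```python
import re

TARGET = (6, 19)            # JRE 6 Update 19, the version the post installs
AUTO_REMOVE_FROM = (6, 10)  # assumption: "Updates 10 and above" = Java 6 Update 10+

# Constructed sample: display-name styles Java has used in Add/Remove Programs.
SAMPLE_ENTRIES = [
    "Java(TM) 6 Update 13",
    "Java(TM) 6 Update 7",
    "J2SE Runtime Environment 5.0 Update 11",
    "Java 2 Runtime Environment, SE v1.4.2_05",
    "Java(TM) 6 Update 19",
    "Adobe Reader 8.1.2",
]

PATTERNS = [
    # "Java(TM) 6 Update 13", "J2SE Runtime Environment 5.0 Update 11"
    re.compile(r"(?:Java\(TM\)|J2SE Runtime Environment)\s+(\d+)(?:\.\d+)?"
               r"(?:\s+Update\s+(\d+))?", re.I),
    # "1.6.0_13" (DDS BrowserJavaVersion line) or "SE v1.4.2_05"
    re.compile(r"(?<![\d.])1\.(\d+)\.\d+(?:_(\d+))?"),
]

def parse_java_version(name):
    """Return (major, update) for a Java entry, or None if it is not Java."""
    if not re.search(r"java|j2se", name, re.I):
        return None
    for pat in PATTERNS:
        m = pat.search(name)
        if m:
            return int(m.group(1)), int(m.group(2) or 0)
    return None

def classify(name):
    ver = parse_java_version(name)
    if ver is None:
        return "not-java"
    if ver >= TARGET:
        return "current"
    if ver >= AUTO_REMOVE_FROM:
        return "outdated-installer-removes"
    return "outdated-remove-manually"

def triage(entries):
    """Map each Java entry to its verdict; non-Java entries are dropped."""
    return {e: classify(e) for e in entries if classify(e) != "not-java"}

if __name__ == "__main__":
    for entry, verdict in triage(SAMPLE_ENTRIES).items():
        print(f"{verdict:28} {entry}")
```
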




