
# Spy.Banker.Gen can not remove

15 replies to this topic

### #1 MsKatGreenbay

• Members
• 92 posts
• Gender: Female
• Location: PC HELL :-)

Posted 30 April 2010 - 08:46 PM

2 days ago I stupidly clicked on a Google link, "My Fun Cards"; I had been looking for a free printable card program. Instead I got a load of trojans and stuff. There were 7 reg errors after scanning, then 4, and now this one remains, Spy.Banker.Gen, that I cannot get rid of. I have used you guys once before and I believe you to be top notch and thorough. As in my last session, I was unable to run Gmer. I tried 10 times at least and it either freezes or boots me offline. So I only have the DDS report. I hope that is enough to start with. Thanks in advance.

DDS (Ver_10-03-17.01) - NTFSx86
Run by at 19:10:31.16 on Fri 04/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.364 [GMT -5:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

Edited by MsKatGreenbay, 01 May 2010 - 05:46 PM.

### #2 Elise

• Bleepin' Blonde
• Malware Study Hall Admin
• 61,316 posts
• Gender: Female
• Location: Romania

Posted 04 May 2010 - 11:55 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

• The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
• Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
• The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
• Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Please download OTL from one of the following mirrors:
• Save it to your desktop.
• Double click on the icon on your desktop.
• Click the "Scan All Users" checkbox.
• Push the button.
• Two reports will open; copy and paste them in a reply here:
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

• Main Mirror: This version will download a randomly named file (Recommended)
• Zipped Mirror: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

• Disconnect from the Internet and close all running programs.
• Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
• Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
• Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
• GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
• If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
• Now click the Scan button. If you see a rootkit warning window, click OK.
• When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
• Click the Copy button and paste the results into your next reply.
• Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

• A detailed description of your problems
• A new OTL log (don't forget extra.txt)
• GMER log

Thanks and again sorry for the delay.

regards,
Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft

### #3 MsKatGreenbay

• Topic Starter
• Members
• 92 posts
• Gender: Female
• Location: PC HELL :-)

Posted 04 May 2010 - 08:37 PM

Hi Elise, thanks for the reply. Was beginning to worry I slipped through the cracks. Ran OTL and only one report opened, the OTL.txt report. There was no Extra.txt report minimized. I am going to attempt to run gmer, but I was never able to run it completely. It either froze on me, where I had to pull the plug to shut down, or booted me off. If I am unable to do it normally, I will do it in safe mode. Not sure I ever tried that way, so maybe it will work. Please advise regarding the missing "extra.txt" from OTL.
Regards,
Kat

OTL logfile created on: 5/4/2010 8:16:32 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Me\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
O3 - HKU\S-1-5-21-3962488618-778361740-41019675-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKU\S-1-5-21-3962488618-778361740-41019675-1005\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKU\S-1-5-21-3962488618-778361740-41019675-1005..\Run: [AOL Fast Start] C:\Program Files\AOL 9.5\AOL.EXE (AOL, LLC.) O4 - HKU\S-1-5-21-3962488618-778361740-41019675-1005..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe (J.Pajula) O4 - HKU\S-1-5-21-3962488618-778361740-41019675-1005..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - 
HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3962488618-778361740-41019675-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3962488618-778361740-41019675-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-3962488618-778361740-41019675-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.) 
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites) O15 - HKU\S-1-5-21-3962488618-778361740-41019675-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (qsax Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - 
Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1366x768.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1366x768.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/08/10 07:00:00 | 000,588,800 | ---- | M] (Microsoft Corporation) - C:\AUTOCHK.EXE -- [ NTFS ] O32 - AutoRun File - [2004/08/10 07:00:00 | 000,188,711 | ---- | M] () - C:\AUTOCONV.EX_ -- [ NTFS ] O32 - AutoRun File - [2004/08/10 07:00:00 | 000,029,413 | ---- | M] () - C:\AUTODISC.DL_ -- [ NTFS ] O32 - AutoRun File - [2005/09/06 14:46:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2004/08/10 07:00:00 | 000,000,860 | ---- | M] () - C:\AUTOEXEC.NT_ -- [ NTFS ] O32 - AutoRun File - [2004/08/10 07:00:00 | 000,580,608 | ---- | M] (Microsoft Corporation) - C:\AUTOFMT.EXE -- [ NTFS ] O32 - AutoRun File - [2004/08/10 07:00:00 | 000,005,630 | ---- | M] () - C:\AUTOLFN.EX_ -- [ NTFS ] O32 - AutoRun File - [2004/08/10 07:00:00 | 000,001,729 | ---- | M] () - C:\AUTOUPDT.HT_ -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/05/04 20:02:14 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe [2010/04/30 11:23:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010/04/29 14:09:14 | 000,000,000 | 
-H-D | C] -- C:\VritualRoot [2010/04/29 14:09:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO [2010/04/29 14:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Comodo [2010/04/29 14:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader [2010/04/29 13:48:58 | 062,223,760 | ---- | C] (COMODO) -- C:\Documents and Settings\Me\My Documents\cisfree_installer_x86.exe [2010/04/27 09:13:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\image00111 [2010/04/12 12:23:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\TheLastFarewell [2010/04/09 01:26:12 | 000,277,240 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2010/04/09 01:25:48 | 000,086,800 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2010/04/09 01:25:46 | 000,225,344 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys [2010/04/09 01:25:46 | 000,025,240 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2010/04/09 01:25:44 | 000,015,464 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys [2010/04/05 22:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Canneverbe Limited [2010/04/05 10:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\TP [2010/04/05 10:15:01 | 001,618,320 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Me\My Documents\X16-19318_VRQ3T-KM96D-HFGQJ-VPV3P-MXKMG.exe ========== Files - Modified Within 30 Days ========== [2010/05/04 20:26:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010/05/04 20:15:08 | 000,000,596 | ---- | M] () -- C:\WINDOWS\win.ini [2010/05/04 20:12:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/05/04 20:12:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/05/04 20:12:38 | 1073,139,712 | -HS- | M] () -- 
C:\hiberfil.sys [2010/05/04 20:06:47 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe [2010/05/04 20:03:55 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat [2010/05/04 20:02:14 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe [2010/05/04 14:26:27 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010/05/04 08:27:10 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010/05/04 08:26:58 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/05/04 02:26:17 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010/05/02 12:26:19 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Me\NTUSER.DAT [2010/05/02 12:26:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Me\ntuser.ini [2010/05/02 11:24:11 | 000,000,560 | ---- | M] () -- C:\hpfr5550.xml [2010/05/02 10:21:06 | 000,000,279 | RHS- | M] () -- C:\boot.ini [2010/05/02 10:21:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/05/01 18:10:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/04/30 19:08:19 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\dds.scr [2010/04/30 09:42:49 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\dds.scr [2010/04/30 09:24:25 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/04/30 09:23:51 | 000,103,625 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\trojan.wmv [2010/04/30 03:07:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/04/29 18:11:59 | 005,154,304 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\WindowsDefender.msi [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/04/29 15:39:26 | 
000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/04/29 14:06:48 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk [2010/04/29 14:03:04 | 062,223,760 | ---- | M] (COMODO) -- C:\Documents and Settings\Me\My Documents\cisfree_installer_x86.exe [2010/04/29 09:09:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/04/27 10:17:09 | 000,001,776 | ---- | M] () -- C:\Documents and Settings\Me\Application Data\wklnhst.dat [2010/04/27 09:13:13 | 000,363,621 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\image00111.zip [2010/04/27 01:00:00 | 000,031,774 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\image00999.jpg [2010/04/26 09:03:53 | 082,171,355 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\TeriArt.wmv [2010/04/25 23:24:56 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\USCellular.wps [2010/04/21 07:13:22 | 000,590,483 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\image001.zip [2010/04/20 14:29:25 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\PrescribaRx.wps [2010/04/16 03:45:30 | 001,038,647 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Video_2010-04-16_00120.wmv [2010/04/15 18:46:09 | 072,301,087 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\ShakiraRafaMakingofGypsy.wmv [2010/04/15 17:52:39 | 104,965,495 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\ShakiraRafa.wmv [2010/04/12 12:23:39 | 005,845,342 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\TheLastFarewell.zip [2010/04/11 16:34:24 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/04/11 02:42:41 | 001,820,057 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\ringtone2.wmv [2010/04/11 02:35:24 | 001,685,175 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\ringtone.wmv [2010/04/11 
01:34:09 | 000,156,652 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Molly.mp3 [2010/04/10 11:58:27 | 133,252,969 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Molly&Carlos on Good Day SD.wmv [2010/04/09 01:26:12 | 000,277,240 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll [2010/04/09 01:25:48 | 000,086,800 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys [2010/04/09 01:25:46 | 000,225,344 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys [2010/04/09 01:25:46 | 000,025,240 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys [2010/04/09 01:25:44 | 000,015,464 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys [2010/04/05 23:02:35 | 000,001,913 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Jonny Lang.axp [2010/04/05 22:42:45 | 041,242,366 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track12.wav [2010/04/05 22:41:40 | 044,329,366 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track11.wav [2010/04/05 22:40:42 | 052,708,366 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track10.wav [2010/04/05 22:39:35 | 043,711,966 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track09.wav [2010/04/05 22:38:37 | 037,308,646 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track08.wav [2010/04/05 22:38:15 | 062,869,006 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track07.wav [2010/04/05 22:37:31 | 037,449,766 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track06.wav [2010/04/05 22:37:07 | 037,026,406 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track05.wav [2010/04/05 22:36:46 | 039,760,606 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track04.wav [2010/04/05 22:36:19 | 044,982,046 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track03.wav [2010/04/05 22:35:48 | 054,331,246 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track02.wav 
[2010/04/05 22:34:55 | 044,311,726 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Track01.wav [2010/04/05 22:25:04 | 000,002,200 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk [2010/04/05 10:15:13 | 001,618,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Me\My Documents\X16-19318_VRQ3T-KM96D-HFGQJ-VPV3P-MXKMG.exe [2010/04/05 10:03:08 | 001,828,352 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Mantra-1.pps ========== Files Created - No Company Name ========== [2010/05/04 20:06:47 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe [2010/04/30 19:08:19 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\dds.scr [2010/04/30 09:42:49 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\dds.scr [2010/04/30 09:24:08 | 000,103,625 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\trojan.wmv [2010/04/29 18:11:51 | 005,154,304 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\WindowsDefender.msi [2010/04/29 14:06:48 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk [2010/04/27 09:14:46 | 000,031,774 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\image00999.jpg [2010/04/27 09:13:11 | 000,363,621 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\image00111.zip [2010/04/26 09:04:27 | 082,171,355 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\TeriArt.wmv [2010/04/23 11:04:43 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\USCellular.wps [2010/04/20 14:29:25 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\PrescribaRx.wps [2010/04/16 03:45:41 | 001,038,647 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Video_2010-04-16_00120.wmv [2010/04/15 18:46:29 | 072,301,087 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\ShakiraRafaMakingofGypsy.wmv 
[2010/04/15 17:52:57 | 104,965,495 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\ShakiraRafa.wmv [2010/04/12 12:23:20 | 005,845,342 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\TheLastFarewell.zip [2010/04/11 16:34:24 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/04/11 02:41:53 | 001,820,057 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\ringtone2.wmv [2010/04/11 02:35:35 | 001,685,175 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\ringtone.wmv [2010/04/11 01:34:08 | 000,156,652 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Molly.mp3 [2010/04/10 11:58:55 | 133,252,969 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Molly&Carlos on Good Day SD.wmv [2010/04/05 23:02:34 | 041,242,366 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Track12.wav [2010/04/05 23:02:33 | 044,329,366 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Track11.wav [2010/04/05 23:02:32 | 052,708,366 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Track10.wav [2010/04/05 23:02:31 | 043,711,966 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Track09.wav [2010/04/05 23:02:30 | 037,308,646 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Track08.wav [2010/04/05 23:02:28 | 062,869,006 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Track07.wav [2010/04/05 23:02:27 | 037,449,766 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Track06.wav [2010/04/05 23:02:26 | 039,760,606 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Track04.wav [2010/04/05 23:02:25 | 037,026,406 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Track05.wav [2010/04/05 23:02:24 | 044,982,046 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Track03.wav [2010/04/05 23:02:23 | 054,331,246 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Track02.wav [2010/04/05 23:02:21 | 044,311,726 | ---- | C] () -- 
C:\Documents and Settings\Me\My Documents\Track01.wav [2010/04/05 23:02:20 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Jonny Lang.axp [2010/04/05 22:25:04 | 000,002,200 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk [2010/04/05 22:24:56 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010/04/05 10:01:27 | 001,828,352 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Mantra-1.pps [2009/11/03 01:23:39 | 000,000,379 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI [2009/08/12 02:54:03 | 000,000,033 | ---- | C] () -- C:\WINDOWS\LVMMail.INI [2009/08/04 12:52:50 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI [2009/08/04 12:51:02 | 000,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2009/08/04 12:50:31 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll [2009/08/04 12:26:41 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini [2009/07/24 18:21:55 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2009/07/24 18:15:56 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini [2009/07/24 18:14:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2009/07/24 18:13:29 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini [2009/07/24 18:12:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2009/07/24 18:12:47 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2009/07/24 18:12:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2009/07/24 18:12:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2009/07/24 18:12:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2009/07/24 18:12:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2009/07/24 18:11:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008/10/03 18:07:10 | 003,754,896 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-6.dll [2008/09/28 12:33:01 | 000,253,952 | ---- 
| C] () -- C:\WINDOWS\System32\Manipulate.dll
[2008/08/28 06:20:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2008/08/28 06:17:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2008/08/28 06:17:20 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll
[2007/02/03 08:59:04 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/11/06 14:30:38 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/09/06 17:39:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/06 16:57:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2005/09/06 15:13:46 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\WLANDLL.DLL
[2005/09/06 14:53:55 | 000,000,811 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/09/06 14:30:35 | 000,000,762 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/09/06 14:30:07 | 000,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2005/08/05 16:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/06/06 14:30:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/07/17 11:46:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\winchip.dll
[2002/11/22 14:50:06 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5160F090
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84

< End of report >

### #4 MsKatGreenbay

MsKatGreenbay

• Topic Starter
• Members
• 92 posts
• OFFLINE
• Gender:Female
• Location:PC HELL :-)
• Local time:09:02 PM

Posted 05 May 2010 - 01:26 AM

Hello Elise. I tried to run Gmer.
It froze after a bit of scanning and I had to pull the plug to shut down. I then tried to scan in Safe Mode. When it booted up, half of my desktop icons were not there. And of course, Gmer, OTL, DDS and a bunch of others were not there, though they are all back now in regular mode. Please advise.

Regards, Kat

P.S. I tried both mirrors of Gmer and both are a bust for me.

### #5 Elise

Elise

Bleepin' Blonde

• Malware Study Hall Admin
• 61,316 posts
• OFFLINE
• Gender:Female
• Location:Romania
• Local time:05:02 AM

Posted 05 May 2010 - 07:34 AM

Try to run GMER with only the Sections option checked (in normal mode). This will shorten the scan and most likely not crash it. The fact that the icons weren't there is most likely because you logged in as Administrator and not in your regular user profile.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft

### #6 MsKatGreenbay

MsKatGreenbay

• Topic Starter
• Members
• 92 posts
• OFFLINE
• Gender:Female
• Location:PC HELL :-)
• Local time:09:02 PM

Posted 05 May 2010 - 08:30 AM

Good Morning Elise. Success!!! Safe mode and just the sections. Duh on me re: safe mode icons lol. Maybe in my next life, I too, could be a Bleeping pc admin LOL. Here is the gmer log.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-05 08:18:06
Windows 5.1.2600 Service Pack 3
Running: 2ytv0rcjGmer.exe; Driver: C:\DOCUME~1\KATHRY~1\LOCALS~1\Temp\pxtdypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 11A 804E4974 4 Bytes CALL 4D5E4102

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll 
(COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\winlogon.exe[252] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO 
Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\services.exe[296] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 
C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet 
Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100257B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 100257D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\lsass.exe[308] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 
10025C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10023430 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 100258B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program 
Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10025910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!OpenFile 7C821982 5 Bytes 
JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO 
livePCsupport\CLPSLS.exe[468] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F6A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10026560 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FEB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[468] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) 
10025BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 100258F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10025950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10025930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 100259B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and 
Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 100259F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 100259D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 100258D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027320 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO) .text C:\Documents and Settings\Me\Desktop\2ytv0rcjGmer.exe[1092] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026800 C:\WINDOWS\system32\guard32.dll 
---- EOF - GMER 1.0.15 ----

### #7 Elise

Elise

Bleepin' Blonde

• Malware Study Hall Admin
• 61,316 posts
• OFFLINE
•
• Gender:Female
• Location:Romania
• Local time:05:02 AM

Posted 05 May 2010 - 09:03 AM

Hello again

COMBOFIX
---------------

Please download ComboFix from one of these locations:

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
• Double click on Combofix.exe and follow the prompts.
• As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."
Malware analyst @ Emsisoft

### #8 MsKatGreenbay

MsKatGreenbay

• Topic Starter
• Members
• 92 posts
• OFFLINE
•
• Gender:Female
• Location:PC HELL :-)
• Local time:09:02 PM

Posted 05 May 2010 - 09:31 AM

Painless Combofix log

ComboFix 10-05-04.06 - Me 05/05/2010 9:15.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.368 [GMT -5:00]
Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

- - End Of File - - 25E7981F71F69230999C0FEDFBC9E067

### #9 Elise

Elise

Bleepin' Blonde

• 61,316 posts
• Gender:Female
• Location:Romania
• Local time:05:02 AM

Posted 05 May 2010 - 11:48 AM

Hello again, how are things running now?

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older Java components and update:
• Look for "JDK 6 Update 20 (JDK or JRE)".
• Click Continue and the page will refresh.
• Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
• If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
• When the Java Setup - Welcome window opens, click the Install > button.
• If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
• If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
On the Scanner tab:
• Make sure the "Perform Full Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
• Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft

### #10 MsKatGreenbay

MsKatGreenbay
• Topic Starter

• Members
• 92 posts
• Gender:Female
• Location:PC HELL :-)
• Local time:09:02 PM

Posted 05 May 2010 - 01:45 PM

Hello Elise. Ok, out with the old Java, in with the new.
MBAM showed no malicious items.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4069

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/5/2010 1:32:27 PM
mbam-log-2010-05-05 (13-32-27).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Objects scanned: 160474
Time elapsed: 29 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Since posting April 30th regarding this issue, I had run all my anti everything. I had thought/hoped I had gotten rid of it but I really needed to be sure since it is such a delicate thing having peace of mind to bank and shop online. So I needed to follow through with having you guys test me out. Now I feel I can be safe again. Well, till next time. And there does seem to always be a next time no matter how careful one tries to be. I want to thank you for your help in this issue with me. You guys all rock here.

I do have another issue that is so frustrating to me. 9 out of 10 times when I right-click to rename or delete something, it freezes my PC. It doesn't matter if it is a photo, a doc., the location, etc. Any clue how to fix that?

Regards, Kat

Edited by MsKatGreenbay, 05 May 2010 - 01:47 PM.

### #11 Elise

Elise

Bleepin' Blonde

• 61,316 posts
• Gender:Female
• Location:Romania
• Local time:05:02 AM

Posted 05 May 2010 - 01:51 PM

Hi, sorry, I have no clue about that right-click issue. The only thing I can think about is, have you added extra programs to your context menu (like "Scan with Comodo" or something like that)? If so, maybe that causes the problem. In such a case, uninstalling the specific program might fix the problem (or changing the setting to add options to the contextual menu for said program).

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
2. Click the button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
2. Double click on the icon on your desktop.
4. Check
5. Click the button.
6. Accept any security warnings from your browser.
7. Check
8. Push the Start button.
10. When the scan completes, push
11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - when ESET doesn't find any threats, no report will be created.
12. Push the button.
13. Push

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft

### #12 MsKatGreenbay

MsKatGreenbay
• Topic Starter

• Members
• 92 posts
• Gender:Female
• Location:PC HELL :-)
• Local time:09:02 PM

Posted 05 May 2010 - 07:14 PM

Hello Elise, whew, almost a 5 hour scan!! Found one bugger. Boy, they love to hide out in System Volume Information restore. There is an option to delete the quarantined file, should I? Let me know the next step.

Regards, Kat

Edited by MsKatGreenbay, 05 May 2010 - 07:27 PM.

### #13 Elise

Elise

Bleepin' Blonde

• 61,316 posts
• Gender:Female
• Location:Romania
• Local time:05:02 AM

Posted 06 May 2010 - 02:58 AM

Hi Kat,
No need to worry about that detection; in the next steps System Restore will be flushed anyway.

ALL CLEAN
--------------
Your machine appears to be clean; please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Please do the following to remove the remaining programs from your PC:
• Delete the tools used during the disinfection:
• Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
• Delete DDS, GMER (this is a random named file) and OTL.
1. Install and update the following programs regularly:
• an outbound firewall
A comprehensive tutorial and a list of possible firewalls can be found here.
• an AntiVirus Software
It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
• an Anti-Spyware program
Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
SUPERAntiSpyware is another good scanner with high detection and removal rates.
Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
• Spyware Blaster
A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
• MVPs hosts file
A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
2. Keep Windows (and your other Microsoft software) up to date!
I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
3. Keep your other software up to date as well
Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
4. Stay up to date!
The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft

### #14 MsKatGreenbay

MsKatGreenbay
• Topic Starter

• Members
• 92 posts
• Gender:Female
• Location:PC HELL :-)
• Local time:09:02 PM

Posted 06 May 2010 - 10:28 AM

Hello Elise. Machine seems to be running fine. When I went to delete ComboFix through "Run", it said Windows could not detect it. Same for DDS, OTL, etc. They weren't in Control Panel, Add/Remove, either.

I read all of the info in your last post and will do as suggested. I thank you for your help and patience. You guys here are really top notch!! Thanks again.

Regards, Kat

### #15 Elise

Elise

Bleepin' Blonde

• 61,316 posts
• Gender:Female
• Location:Romania
• Local time:05:02 AM

Posted 06 May 2010 - 12:17 PM

To uninstall ComboFix, just rename combofix.exe to uninstall.exe and run it by double-clicking.

After that, you can run OTL and click the cleanup button, this will delete all tools and logs.

None of those tools leave entries in add remove programs.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."