[Resolved] Internet hangs after 10 minutes


18 replies to this topic

#1 Milo77

Posted 13 April 2008 - 04:42 AM

When I first boot my computer, it runs fine. After about 10 minutes, the internet stops working. Firefox says it's connecting to a site, and it just hangs. If I restart the computer, it's okay for another 10 minutes, and then I have the same problem. Logging off doesn't fix it; it has to be a restart.

Also, the problem is only with http: connections. I have a couple of client/server apps that I use, and they run okay.

I think I may have brought this on myself. A few days ago I got an alert from Comodo about something trying to modify a folder. The program was unknown to Comodo, but I assumed it was related to something else that was going on at the time, and I allowed it. I remember thinking that maybe I shouldn't have done that.

Anyway, I ran Spybot, and it found a few things and fixed them. I also ran a Comodo scan of the system, and it didn't find anything.

Here's my log. Thanks for your help.

Milo

---------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:26 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AlfaClock\AlfaClock.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CACI\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/HTML/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Program Files\AlfaClock\AlfaClock.exe" /startup
O4 - Startup: Ragú Recipe Widget.lnk = C:\Program Files\Ragu Recipe Widget\RaguWidgetLoader.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Locate - {B6F776D7-C231-11D4-8158-005004ADEFCA} - C:\Program Files\Software River Solutions\Visual WhoIs 2004\srstools.dll
O9 - Extra 'Tools' menuitem: Locate Using Visual WhoIs 2004 - {B6F776D7-C231-11D4-8158-005004ADEFCA} - C:\Program Files\Software River Solutions\Visual WhoIs 2004\srstools.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.ameritrade.com
O15 - Trusted Zone: http://www.investors.com
O15 - Trusted Zone: http://*.tdameritrade.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\CACI\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 10994 bytes

Edited by Scotty, 06 May 2008 - 02:28 AM.


#2 Scotty

Posted 23 April 2008 - 05:44 AM

Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    • Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post with a new HijackThis log.

With the exception of Internet Explorer, which is needed for the Kaspersky Scan, keep ALL programs closed until the scan is complete. This includes your anti-virus. Once you have installed the Scanner, and the updated definitions, you can disconnect from the Internet. Re-enable the anti-virus before reconnecting to the Internet.

#3 Milo77

Posted 24 April 2008 - 04:25 AM

Hi, Scotty! :)

Thanks for helping me. Here are the logs from Kaspersky and HijackThis.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 24, 2008 6:14:14 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/04/2008
Kaspersky Anti-Virus database records: 723770
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 171077
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 02:58:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\5d07e30ee386493d92a824291d65739f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\223c149a11405593beb6f51656e0ea60_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5375841cdd3704947b1596913f4d3351_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6298c6a065fc2320f29fa53beae26fc5_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080423_Time-212800515_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080423_Time-212800515_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_FRUGALCHEESE.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_FRUGALCHEESE.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Bill\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Bill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Bill\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Bill\Local Settings\History\History.IE5\MSHist012008042320080424\index.dat Object is locked skipped
C:\Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Bill\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Bill\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP497\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:32 AM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AlfaClock\AlfaClock.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CACI\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/HTML/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlfaClock Classic] "C:\Program Files\AlfaClock\AlfaClock.exe" /startup
O4 - Startup: Ragú Recipe Widget.lnk = C:\Program Files\Ragu Recipe Widget\RaguWidgetLoader.exe
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Locate - {B6F776D7-C231-11D4-8158-005004ADEFCA} - C:\Program Files\Software River Solutions\Visual WhoIs 2004\srstools.dll
O9 - Extra 'Tools' menuitem: Locate Using Visual WhoIs 2004 - {B6F776D7-C231-11D4-8158-005004ADEFCA} - C:\Program Files\Software River Solutions\Visual WhoIs 2004\srstools.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.ameritrade.com
O15 - Trusted Zone: http://www.investors.com
O15 - Trusted Zone: http://*.tdameritrade.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\CACI\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 10985 bytes

#4 Scotty


Posted 24 April 2008 - 07:39 AM

Hi

There is no sign of malware causing your problem. I suggest you post here
http://forums.whatth...email_f123.html

Someone would be better to help you there.

Two things I should point out.

WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is ‘spyware’, and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it ‘unsolicited’, and since it is installed to raise money for its creators through the built-in ads it is certainly ‘commercial’. So it does meet the definition for ‘parasite’: unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has, in the past, installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBug and choose one of these alternatives:
Weather Pulse
Weather Watcher
or
Get Mozilla Firefox and then get FORECASTFOX!!!
or check the weather at these websites:
Weather Street: US Weather
Intellicast
To uninstall WeatherBug:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight WeatherBug, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.


Delete the older versions of Java and download the newest.
Please follow these steps to remove older version Java components.
  • Close any programmes you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel.
  • Click Add/Remove Programs.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all versions of Java.
  • Reboot your computer once all Java components are removed.
Then download the latest version of Java Runtime Environment (JRE) (5th one down the list), which is JRE6u6, and click Yes at the page warning. Under "Platform" select Windows, then check the box to accept the Licence Agreement. Click Yes at the second page warning before downloading the Offline file.
There is no need to download the Sun Download manager but it is optional.
You too could train to help others- Join the Classroom


#5 Milo77


Posted 25 April 2008 - 05:32 AM

Thanks, Scotty. I deleted the old versions of Java, and installed update 6. I'm not particularly worried about WeatherBug, but I'll take a look at those other things you suggested.

I do have one piece of new information. I found this article in the Microsoft knowledge base:

http://support.microsoft.com/kb/926431

One of the things they suggested is to try safe mode with networking. In safe mode, the problem goes away, which would seem to say that there's something in startup or services that's causing this. I plan to spend some time this weekend trying to track it down.

Do you have any thoughts on this?

Thanks,
Milo

#6 Scotty


Posted 25 April 2008 - 07:16 AM

Hi

The tech helpers certainly would be able to help you there. They may try walking through disabling all non-essential services then testing them one by one. But then, in Safe Mode, it's not just the services that aren't loaded, but non-essential drivers etc. too.

Good luck. I'll close this one now.

#7 Scotty


Posted 25 April 2008 - 07:16 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

#8 Scotty


Posted 06 May 2008 - 02:27 AM

This topic has been reopened by request of the starter of this topic. Or it has been moved to the correct forum.

#9 Milo77


Posted 06 May 2008 - 04:27 PM

Hi, Scotty --

I started a thread over in Browsers, Internet and Email, as you suggested, but didn't really get any help there. I did make some progress on my own, using this article from Microsoft:
http://support.microsoft.com/kb/926431

Following their suggestions, I discovered that when I run in safe mode with networking, the problem goes away. In normal mode, I can browse for only 10 minutes, and after that, all HTTP operations (both IE and Firefox) hang and then time out. In safe mode, everything continues to work okay, long after the 10 minutes have passed.

I continued with the troubleshooting process in the article, and I've ruled out services and started programs. I'm now at the point where they are suggesting system restore, but I don't have a good restore point. I know I created one back in January, when you guys helped me with a previous problem, but I can't find it now. The restore calendar only goes back to April.

So, these are the questions I'd like you to consider:

1. All the malware scanners I've run say my system is clean, but I'm certain I picked this problem up from a web site. It would be nice to track down the module that's causing this and submit it for analysis. Any suggestions on how to go about it?

2. Is there any way to recover that restore point I created back in January? Currently System Restore shows two checkpoints in April and one in May. My space setting for System Restore is set to max.

3. If I can't fix the problem through System Restore, the only thing I know to do is format the hard drive. Any other suggestions, before I go that route?

4. Are there places other than What The Tech where I might go for another opinion?

Thanks,
Milo

#10 Milo77


Posted 07 May 2008 - 05:29 PM

Okay, I ran Deckard's scanner, and main.txt is posted below. There was no sign of extra.txt. It didn't open in NotePad, and I couldn't find it on my hard drive.

Which version of HijackThis is it supposed to run? The log below refers to 2.0.2, but while Deckard's was running, HJT version 1.99.1 popped up a window and a notepad file. I do have both versions installed on my machine.

Also, I see in the log a list of files created between April 7 and May 7. I think the problem started earlier than that. My best guess is the last week of March, give or take a week.

Thanks,
Milo

Deckard's System Scanner v20071014.68
Run by Milo on 2008-05-07 18:17:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Milo.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-07 18:18:55
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\Program Files\CACI\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Lotus\Notes\ntmulti.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\Program Files\Mindjet\MindManager 7\MmReminderService.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\Documents and Settings\Milo\Desktop\dss.exe
C:\Tools\Milo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinCinema Manager.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Device Detector 2.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Locate - {B6F776D7-C231-11D4-8158-005004ADEFCA} - C:\Program Files\Software River Solutions\Visual WhoIs 2004\srstools.dll
O9 - Extra 'Tools' menuitem: Locate Using Visual WhoIs 2004 - {B6F776D7-C231-11D4-8158-005004ADEFCA} - C:\Program Files\Software River Solutions\Visual WhoIs 2004\srstools.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll,
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\CACI\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\Lotus\Notes\ntmulti.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell


--
End of file - 10891 bytes

-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-07 18:06:45 0 d-------- C:\Documents and Settings\Milo\Application Data\NoteTab Pro
2008-05-07 18:04:21 0 d-------- C:\Documents and Settings\Milo\Application Data\AVGTOOLBAR
2008-05-07 18:02:38 0 d--h----- C:\Documents and Settings\Milo\Application Data\GTek
2008-05-07 18:02:29 0 d-------- C:\Documents and Settings\Milo\Application Data\Comodo
2008-05-07 18:02:21 0 d-------- C:\Documents and Settings\Milo\Application Data\Real
2008-05-07 18:00:25 0 d-------- C:\Documents and Settings\Milo\Application Data\Jasc Software Inc
2008-05-07 18:00:25 0 d-------- C:\Documents and Settings\Milo\Application Data\Identities
2008-05-07 18:00:25 0 d-------- C:\Documents and Settings\Milo\Application Data\Creative
2008-05-07 18:00:24 0 d--h----- C:\Documents and Settings\Milo\Templates
2008-05-07 18:00:24 0 dr------- C:\Documents and Settings\Milo\Start Menu
2008-05-07 18:00:24 0 dr-h----- C:\Documents and Settings\Milo\SendTo
2008-05-07 18:00:24 0 dr-h----- C:\Documents and Settings\Milo\Recent
2008-05-07 18:00:24 0 d--h----- C:\Documents and Settings\Milo\PrintHood
2008-05-07 18:00:24 0 d--h----- C:\Documents and Settings\Milo\NetHood
2008-05-07 18:00:24 0 dr------- C:\Documents and Settings\Milo\My Documents
2008-05-07 18:00:24 0 d--h----- C:\Documents and Settings\Milo\Local Settings
2008-05-07 18:00:24 0 dr------- C:\Documents and Settings\Milo\Favorites
2008-05-07 18:00:24 0 d-------- C:\Documents and Settings\Milo\Desktop
2008-05-07 18:00:24 0 d--hs---- C:\Documents and Settings\Milo\Cookies
2008-05-07 18:00:24 0 dr-h----- C:\Documents and Settings\Milo\Application Data
2008-05-07 18:00:24 0 d-------- C:\Documents and Settings\Milo\Application Data\Sun
2008-05-07 18:00:24 0 d-------- C:\Documents and Settings\Milo\Application Data\Sonic
2008-05-07 18:00:23 1310720 --ah----- C:\Documents and Settings\Milo\NTUSER.DAT
2008-05-03 13:45:08 0 d-------- C:\Documents and Settings\Bill\Application Data\Malwarebytes
2008-05-03 13:45:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-03 13:45:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-30 06:28:09 0 d-------- C:\Documents and Settings\meredith\Application Data\AVGTOOLBAR
2008-04-25 00:45:04 0 d--h----- C:\$AVG8.VAULT$
2008-04-24 23:34:19 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-04-24 23:34:19 0 d-------- C:\Documents and Settings\Bill\Application Data\AVGTOOLBAR
2008-04-24 23:34:09 0 d-------- C:\Program Files\AVG
2008-04-24 23:34:09 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-24 20:40:32 0 d--hs---- C:\WINDOWS\CSC
2008-04-12 23:02:56 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-12 23:02:56 2546 --a------ C:\WINDOWS\unins000.dat
2008-04-10 23:39:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-10 23:39:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab


-- Find3M Report ---------------------------------------------------------------

2008-05-05 20:02:52 0 d-------- C:\Program Files\PokerStars
2008-04-25 07:14:26 0 d-------- C:\Program Files\Java
2008-04-25 00:46:06 0 d-------- C:\Program Files\GameSpy Arcade
2008-04-24 23:27:47 0 d-------- C:\Program Files\AIM Toolbar
2008-04-24 23:25:01 0 d-------- C:\Program Files\Common Files\Network Associates
2008-04-24 22:11:41 0 d-------- C:\Program Files\NoteTab Pro 5
2008-04-24 20:36:58 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-10 23:31:04 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-10 07:07:06 8 --a------ C:\WINDOWS\system32\success
2008-04-10 07:06:38 0 d-------- C:\Program Files\CACI
2008-04-10 07:06:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-03 22:32:48 3577 --a------ C:\WINDOWS\mozver.dat
2008-04-03 17:38:23 0 d-------- C:\Program Files\Holdem Genius
2008-04-01 20:56:41 0 d-------- C:\Program Files\TurboTax
2008-03-15 18:16:47 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-15 18:16:19 0 d-------- C:\Program Files\Common Files
2008-03-15 18:15:01 0 d-------- C:\Program Files\Common Files\L&H
2008-03-15 17:59:49 0 d-------- C:\Program Files\Microsoft Works
2008-03-11 22:41:59 0 d-------- C:\Program Files\Full Tilt Poker
2008-03-08 13:14:43 4 --a------ C:\WINDOWS\system32\2E77DA
2008-03-08 01:59:32 0 d-------- C:\Program Files\Best Buy Rhapsody


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
05/18/2007 01:05 AM 71184 -ra------ C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
04/24/2008 11:34 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [01/07/2004 03:01 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/09/2006 12:47 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"P17Helper"="P17.dll" [06/10/2004 01:51 PM C:\WINDOWS\SYSTEM32\P17.dll]
"MMReminderService"="C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe" [05/18/2007 01:05 AM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [12/06/2003 12:08 AM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 10:12 PM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 03:05 AM]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [09/17/2003 12:43 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [04/10/2008 10:25 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/24/2008 11:34 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 02:52 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

C:\Documents and Settings\Milo\Start Menu\Programs\Startup\
DESKTOP.INI [8/11/2004 7:15:06 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [12/27/2007 9:16:09 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/1/2006 11:04:20 AM]
DESKTOP.INI [8/11/2004 7:15:06 PM]
Device Detector 2.lnk - C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe [12/5/2007 12:55:20 PM]
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE [1/23/2007 12:06:01 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\guard32.dll,avgrsstx.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-05-07 18:20:02 ------------
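The thread now holds two HijackThis logs taken weeks apart (13 April and 7 May), so one way to narrow down what changed is to diff them entry by entry. The following Python script is an added example, not part of any post and not a tool used in the thread; the sample lines are copied from the O20 and O23 sections of the two logs, and the case-insensitive comparison and the comma split of `AppInit_DLLs` are assumptions of this example.

```python
import re

# Excerpts copied from the O20/O23 sections of the two logs posted in this thread.
OLD_LOG = r"""
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
"""
NEW_LOG = r"""
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll,
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\SYSTEM32\ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Annotations that appear in these logs and usually deserve a second look.
MARKERS = ("(file missing)", "(no file)", "Unknown owner", "= ?")


def expand(section, body):
    """Split multi-valued entries so each value is compared on its own."""
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1]  # keeps the drive-letter colon intact
        return ["AppInit_DLLs: " + dll.strip()
                for dll in value.split(",") if dll.strip()]
    return [body]


def parse(log_text):
    """Map a case-folded key to the (section, body) pair as written in the log."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue  # header, process list, blank line
        section = match.group(1)
        for body in expand(section, match.group(2).strip()):
            # Windows paths are case-insensitive and the two scanners
            # capitalise them differently, so compare in lower case.
            key = (section, re.sub(r"\s+", " ", body).lower())
            entries[key] = (section, body)
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed) lists of (section, body) tuples, sorted."""
    old, new = parse(old_text), parse(new_text)
    added = sorted(new[k] for k in new.keys() - old.keys())
    removed = sorted(old[k] for k in old.keys() - new.keys())
    return added, removed


def flags(body):
    """List the review markers present in one entry body."""
    lowered = body.lower()
    return [m for m in MARKERS if m.lower() in lowered]


if __name__ == "__main__":
    added, removed = diff_logs(OLD_LOG, NEW_LOG)
    for sign, rows in (("+", added), ("-", removed)):
        for section, body in rows:
            note = "  <-- " + ", ".join(flags(body)) if flags(body) else ""
            print(f"{sign} {section} {body}{note}")
```

An entry appearing in the diff only means it changed between the two scans; here the additions line up with the AVG 8 install visible in the file listing above.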


#11 Scotty


Posted 08 May 2008 - 02:00 AM

Hi

Extra.txt will be found in the C:\Deckard folder. I still don't see this as a malware problem. Can you cast your mind back to when the problem began, and think of any changes you may have made, like a new program, new toolbar or anything like that, around that time?

#12 Milo77


Posted 08 May 2008 - 05:54 AM

There is no extra.txt in the C:\Deckard folder. It has a single subfolder called "System Scanner", and that subfolder contains main.txt and nothing else. I also did a search of all files and folders for extra.txt, and it came up empty.

Here is exactly what happened at the time the problem started. I was surfing French-language music and entertainment sites. I started at www.m6.fr, which is mainstream but loaded with ads. I had clicked multiple links through maybe 6 or 8 different sites, some of which were very aggressive with pop-ups. I got a warning from Comodo Defense Plus about Google update. Comodo said it was a safe application, so I said treat it as an installer or updater, and switched to installation mode.

A few minutes later, I got another warning from Comodo, about an unknown application modifying a folder. I assumed it was related to the Google update, and I said treat it as an installer or updater. Since I was still in installation mode, I had basically given blanket permission to this unknown application. Not smart, I admit. I'm pretty sure this is where the problem started.

The point I'm trying to get across is that the malware scanners can only detect things they know about. Suppose this is something new? What's the process for identifying it and making it known to the malware scanners?

Thanks,
Milo

#13 Scotty


Posted 09 May 2008 - 01:40 AM

Hi

If it happened over a month ago, you can be sure it is known about. We shall have to dig deep.


  • Download GMER by GMER from here
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic


#14 Milo77


Posted 09 May 2008 - 06:00 PM

Okay, done. I waited until the problem appeared before starting the scan. I haven't always done that with previous scans. Not sure if it would make a difference.

Thanks for all your help! :)

Milo

GMER 1.0.14.14205 - http://www.gmer.net
Autostart scan 2008-05-09 19:42:47
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = C:\WINDOWS\system32\guard32.dll,avgrsstx.dll,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
avg8emc@ = C:\PROGRA~1\AVG\AVG8\avgemc.exe
avg8wd@ = C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
cmdAgent@ = "C:\Program Files\COMODO\Firewall\cmdagent.exe"
Creative Service for CDROM Access@ = C:\WINDOWS\system32\CTsvcCDA.EXE
CVPND@ = "C:\Program Files\CACI\VPN Client\cvpnd.exe"
Fax@ = %systemroot%\system32\fxssvc.exe
McAfeeFramework@ = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart /*file not found*/
MDM@ = "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
Multi-user Cleanup Service@ = "C:\Program Files\lotus\notes\ntmulti.exe"
sprtsvc_dellsupportcenter@ = C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter /*file not found*/
WMDM PMSP Service@ = C:\WINDOWS\system32\MsPMSPSv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@UpdateManager"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
@TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
@ShStatEXE"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE /*file not found*/ = "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE /*file not found*/
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@P17HelperRundll32 P17.dll,P17Helper = Rundll32 P17.dll,P17Helper
@MMReminderServiceC:\Program Files\Mindjet\MindManager 7\MMReminderService.exe = C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe
@Microsoft Works Update DetectionC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
@McAfeeUpdaterUI"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey = "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@IntelMeMC:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe = C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
@dscactivate"C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" = "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
@dlaC:\WINDOWS\system32\dla\tfswctrl.exe = C:\WINDOWS\system32\dla\tfswctrl.exe
@CTSysVolC:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r /*file not found*/ = C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r /*file not found*/
@COMODO Firewall Pro"C:\Program Files\COMODO\Firewall\cfp.exe" -h = "C:\Program Files\COMODO\Firewall\cfp.exe" -h
@AVG8_TRAYC:\PROGRA~1\AVG\AVG8\avgtray.exe = C:\PROGRA~1\AVG\AVG8\avgtray.exe
@ATIPTAC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Classes\.scr@ = "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{DEE12703-6333-4D4E-8F34-738C4DCC2E04} /*RecordNow! SendToExt*/C:\Program Files\Sonic\RecordNow! Plus\shlext.dll = C:\Program Files\Sonic\RecordNow! Plus\shlext.dll
@{5CA3D70E-1895-11CF-8E15-001234567890} /*DriveLetterAccess*/C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{24849E2F-0A86-40CD-A62A-B12F161882DB} /*ZEN V Series Media Explorer*/C:\Program Files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\SHCTMTP.dll = C:\Program Files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\SHCTMTP.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG8 Shell Extension*/C:\Program Files\AVG\AVG8\avgse.dll = C:\Program Files\AVG\AVG8\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG8 Find Extension*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG8 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG8\avgse.dll
CTMTPMediaExplorer@{7895F317-A125-42CC-BD3E-5830765CE577} = C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll
VirusScan@{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll /*file not found*/
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
VirusScan@{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll /*file not found*/
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG8 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG8\avgse.dll
CTMTPMediaExplorer@{7895F317-A125-42CC-BD3E-5830765CE577} = C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
VirusScan@{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll /*file not found*/
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{07A11D74-9D25-4fea-A833-8B0D76A5577A}C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll = C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
@{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}C:\Program Files\AVG\AVG8\avgssie.dll = C:\Program Files\AVG\AVG8\avgssie.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{5CA3D70E-1895-11CF-8E15-001234567890}C:\WINDOWS\system32\dla\tfswshx.dll = C:\WINDOWS\system32\dla\tfswshx.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
@{A057A204-BACC-4D26-9990-79A187E2698E}C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL = C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar4.dll = c:\program files\google\googletoolbar4.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft....k/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft....k/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.dell4me.com/myway = http://www.dell4me.com/myway
@Start Pagehttp://www.dell4me.com/myway = http://www.dell4me.com/myway
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
linkscanner@CLSID = C:\Program Files\AVG\AVG8\avgpp.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\SYSTEM32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\Milo\Start Menu\Programs\Startup = DESKTOP.INI

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
WinCinema Manager.lnk = WinCinema Manager.lnk
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
DESKTOP.INI = DESKTOP.INI
Device Detector 2.lnk = Device Detector 2.lnk
HotSync Manager.lnk = HotSync Manager.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.14 ----


GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-05-09 19:41:16
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xEDAFADBA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xEDAFA398]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xEDAFA9DA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateKey [0xEDAFB568]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xEDAFA0FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xEDAFBE20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xEDAFAFA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0xEDAF9CCA]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) ZwDeleteKey [0xEBB9B190]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) ZwDeleteValueKey [0xEBB9B0C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xEDAF9B7C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xEDAFBAC0]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) ZwLoadKey [0xEBB9B210]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xEDAFABE4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenProcess [0xEDAF98C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xEDAFA87E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenThread [0xEDAF9A24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xEDAFB91E]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) ZwReplaceKey [0xEBB9B380]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xEDAFA210]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) ZwRestoreKey [0xEBB9B4C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xEDAFA55A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xEDAFBC60]
SSDT \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC) ZwSetValueKey [0xEBB9AFE0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xEDAFA70C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xEDAFA772]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0xEDAF9FC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xEDAF9E92]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\MsPMSPSv.exe[184] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[184] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[184] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[184] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[184] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[184] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[184] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[184] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[184] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\MsPMSPSv.exe[184] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\MsPMSPSv.exe[184] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[468] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[468] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[468] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[468] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[468] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[468] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\Explorer.EXE[468] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[468] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[468] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[468] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[468] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[620] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[620] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[620] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[620] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[620] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[620] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[620] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[620] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[620] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[620] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe[620] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\QuickTime\qttask.exe[632] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\QuickTime\qttask.exe[632] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\QuickTime\qttask.exe[632] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\QuickTime\qttask.exe[632] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\QuickTime\qttask.exe[632] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\QuickTime\qttask.exe[632] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\QuickTime\qttask.exe[632] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\QuickTime\qttask.exe[632] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\QuickTime\qttask.exe[632] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\QuickTime\qttask.exe[632] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\QuickTime\qttask.exe[632] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[640] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[640] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[640] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[640] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[640] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[640] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\Rundll32.exe[640] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[640] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[640] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[640] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Rundll32.exe[640] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe[652] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00F75050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe[652] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00F74F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe[652] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00F74C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe[652] USER32.dll!mouse_event 7E466515 5 Bytes JMP 00F716C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe[652] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00F71540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe[652] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00F71850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe[652] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 00F71220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe[652] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 00F713B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe[652] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 05, 89 ]
.text C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe[652] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00F74950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mindjet\MindManager 7\MMReminderService.exe[652] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00F74AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[680] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[680] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[680] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[680] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[680] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[680] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[680] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[680] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[680] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[680] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe[680] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[688] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[688] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[688] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[688] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[688] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[688] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\iTunes\iTunesHelper.exe[688] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2948] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2948] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2948] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2948] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2948] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2948] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2948] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2948] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2948] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[3400] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 03C25050 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[3400] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 03C24F80 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[3400] USER32.dll!EndTask 7E459E75 5 Bytes JMP 03C24C20 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[3400] USER32.dll!mouse_event 7E466515 5 Bytes JMP 03C216C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[3400] USER32.dll!keybd_event 7E466559 5 Bytes JMP 03C21540 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[3400] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 03C21850 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[3400] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 03C21220 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[3400] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 03C213B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[3400] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ D0, 8B ]
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[3400] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 03C24950 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[3400] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 03C24AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe[3424] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe[3424] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe[3424] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe[3424] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe[3424] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe[3424] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe[3424] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe[3424] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe[3424] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe[3424] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Erin\My Documents\bin\iPodService.exe[3424] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3820] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3820] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3820] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3820] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3820] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3820] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3820] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3820] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3820] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3820] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe[3820] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3912] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3912] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3912] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3912] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3912] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3912] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3912] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3912] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3912] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\alg.exe[3912] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3912] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[3940] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[3940] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[3940] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[3940] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[3940] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[3940] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[3940] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[3940] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[3940] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[3940] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[3940] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[4092] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[4092] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[4092] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[4092] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[4092] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[4092] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[4092] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[4092] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[4092] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[4092] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe[4092] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7249710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7249770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7249990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7249950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EBB8B2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EBB8B560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EBB8B6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EBB8B450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [EBB8B450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [EBB8B2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [EBB8B560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [EBB8B6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EBB8B2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EBB8B6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EBB8B560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EBB8B450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EBB8B6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EBB8B560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EBB8B2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EBB8B450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EBB8B2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EBB8B560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EBB8B6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [EBB8B2D0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [EBB8B450] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [EBB8B6A0] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [EBB8B560] \??\C:\WINDOWS\system32\vsdatant.sys (TrueVector Device Driver/Zone Labs LLC)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [005B3B10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] [005B3790] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] [005B3B60] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [005B3A80] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [005B3B10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [005B3A80] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [005B3B10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [005B3790] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [005B3B60] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [005B3A80] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [005B3A80] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [005B3790] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [005B3B60] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [005B3AC0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [005B3B10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [005B3A80] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [005B3790] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [005B3670] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [005B3700] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [005B3270] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [005B3810] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [005B3870] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [005B38D0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [005B3530] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [005B35D0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [005B3B60] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [005B3A80] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [005B3790] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [005B3B10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [005B3AC0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [005B3670] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [005B3270] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [005B3700] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [005B3870] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [005B32B0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [005B39B0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [005B2C90] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [005B38D0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [005B34C0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [005B3530] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [005B3390] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [005B3A80] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [005B3790] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [005B3B10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [005B3AC0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [005B38D0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [005B3270] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [005B3530] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [005B3870] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [005B3700] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [005B3A80] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [005B3790] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [005B3AC0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [005B3B10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [005B3790] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [005B3B60] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [005B3790] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [005B3B60] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [005B3790] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [005B3A80] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [005B3AC0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [005B3790] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [005B3BF0] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)
IAT C:\Program Files\COMODO\Firewall\cfp.exe[832] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [005B3A10] C:\Program Files\COMODO\Firewall\cfp.exe (COMODO Firewall Pro/COMODO)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\cmdHlp \Device\CFPTcpFlt avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\cmdHlp \Device\CFPRawFlt avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\cmdHlp \Device\CFPUdpFlt avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\cmdHlp \Device\cmdhlp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\cmdHlp \Device\CFPIpFlt avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts@Mom\xb4sTypewriter (TrueType) Mom?t___.ttf
Reg HKLM\SOFTWARE\Classes\CLSID\{C89F85CD-FCDD-E412-AA03-045ACE5A502F}\InprocServer32@ C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FSTOCK.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C89F85CD-FCDD-E412-AA03-045ACE5A502F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C89F85CD-FCDD-E412-AA03-045ACE5A502F}\ProgID@ FStock.Factoid.1
Reg HKLM\SOFTWARE\Classes\CLSID\{C89F85CD-FCDD-E412-AA03-045ACE5A502F}\TypeLib@ {4136535C-724B-4F68-AEC2-9A7917456384}
Reg HKLM\SOFTWARE\Classes\CLSID\{C89F85CD-FCDD-E412-AA03-045ACE5A502F}\VersionIndependentProgID@ FStock.Factoid

---- EOF - GMER 1.0.14 ----

#15 Scotty

Posted 10 May 2008 - 02:11 AM

Okay, two things stand out.

You have installed AVG8 while still having Network Associates/McAfee installed. If you want to remove McAfee you need to run the MCPR tool.
Click here

I also see Comodo and Zone Alarm there. Like anti-viruses, you can't run two firewalls; they will conflict with each other.
You too could train to help others- Join the Classroom
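
One way to list which TCP/IP device objects in a GMER "Devices" section carry filter drivers from more than one vendor, as an added example that is not part of the thread or of GMER. The line layout is assumed from the log lines shown above, the function names are hypothetical, and a multi-vendor stack marks something to review rather than a confirmed fault.

```python
import re
from collections import defaultdict

# Lines copied from the "Devices" section of the GMER log posted in this thread.
GMER_DEVICES = r"""
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \Driver\cmdHlp \Device\CFPTcpFlt avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
"""

# Assumed layout: AttachedDevice <driver> <device> <module> (<description>/<vendor>)
LINE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+"
    r"(?P<module>\S+)\s+\((?P<desc>.*)/(?P<vendor>[^/]+)\)\s*$"
)


def attached_filters(log):
    """Map (driver, device) -> [(module, vendor), ...] in the order GMER listed them."""
    stacks = defaultdict(list)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:  # plain "Device ..." lines and section headers are skipped
            key = (m["driver"], m["device"])
            stacks[key].append((m["module"].lower(), m["vendor"].strip()))
    return dict(stacks)


def multi_vendor_stacks(log, driver=r"\Driver\Tcpip"):
    """Return {device: [modules]} for devices of `driver` filtered by more than one vendor."""
    flagged = {}
    for (drv, dev), filters in attached_filters(log).items():
        vendors = {vendor for _, vendor in filters}
        if drv.lower() == driver.lower() and len(vendors) > 1:
            flagged[dev] = [module for module, _ in filters]
    return flagged


if __name__ == "__main__":
    for dev, modules in multi_vendor_stacks(GMER_DEVICES).items():
        print(f"{dev}: {', '.join(modules)}")
```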
