PDA

View Full Version : JS/Downloader.Agent and Exploit.ANI



phil_j
2007-11-08, 00:36
Please help me get rid of two viruses I have: JS/Downloader.Agent and Exploit.ANI

AVG is unable to remove them. Also I have tried to download Kaspersky Scanner but am unable (it says I need to be an administrator and that the security setting needs to be Medium - although this is already the case).

Thanks for any help you can give.
Below is the HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:55, on 07/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.rm.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6415 bytes

Shaba
2007-11-08, 11:28
Hi phil_j

Where does AVG say those viruses are?

phil_j
2007-11-08, 19:05
Hi Shaba. I tried another AVG scan, the Expoit.ANI seems to have disappeared but the JS/Downloader.Agent is still there and still cannot be healed. It says Error while handling file C:\Documents and Settings\Phil\DoctorWeb\Quarantine\counter[2].htm

Shaba
2007-11-08, 19:42
Hi

Try to empty that folder in safe mode:

C:\Documents and Settings\Phil\DoctorWeb\Quarantine

Did it help?

phil_j
2007-11-10, 18:19
I deleted the folder (and anything else I could find to do with Doctor Web) and AVG is no longer finding JS/Downloader.Agent. Thanks for your help with that but things are still not right as I am still having problems connecting to the internet and it takes forever to to open up a page (or it says it cannot connect). It's driving me nuts :eek:

Shaba
2007-11-10, 18:44
Hi

"Thanks for your help with that but things are still not right as I am still having problems connecting to the internet and it takes forever to to open up a page (or it says it cannot connect). It's driving me nuts"

Try then to make sure there are no proxy servers set in browser and that all network settings are like ISP says they say.

Have you tried with another modem?

phil_j
2007-11-11, 19:56
What's a proxy server? How can I check if any are set in browser? (Sorry I really don't know much about computing :red: )

Is this something that would have been changed by the virus? I had no problem getting onto the internet before last week then when I started having problems I did the AVG scan and saw the virus. Now AVG is not detecting the virus but the problem with the internet remains the same. For example, last night I tried to make this reply, I got into the thread but when I clicked on 'Post reply' the cursor changed to the hour glass and I waited an hour and a half but nothing happened. Sometimes I will get the hour glass and after about 5 to 10 mins it opens up the page, other times it goes to times out (using Firefox) or cannot connect (Internet Explorer). It is extremely frustrating and would really appreciate any help you could give me. Thanks

Shaba
2007-11-11, 19:59
Hi

"What's a proxy server? How can I check if any are set in browser? "

Well actually that should show up in HijackThis log and it doesn't.

Check also firewall settings for your browsers, they should be fully enabled.

phil_j
2007-11-11, 20:01
What's a proxy server? How can I check if any are set in browser? (Sorry I really don't know much about computing :red: )

Is this something that would have been changed by the virus? I had no problem getting onto the internet before last week then when I started having problems I did the AVG scan and saw the virus. Now AVG is not detecting the virus but the problem with the internet remains the same. For example, last night I tried to make this reply, I got into the thread but when I clicked on 'Post reply' the cursor changed to the hour glass and I waited an hour and a half but nothing happened. Sometimes I will get the hour glass and after about 5 to 10 mins it opens up the page, other times it says the connection has timed out (using Firefox) or cannot connect to the internet (Internet Explorer). It is extremely frustrating and would really appreciate any help you could give me. Thanks

phil_j
2007-11-11, 23:14
Hi Shaba,
How do I check the settings for the firewall in the browsers are enabled? I am using Comodo Firewall Pro.

Here is the logfile of HJT I just did:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:12, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.rm.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5554 bytes

Shaba
2007-11-12, 10:22
Hi

Open Comodo -> Security -> Application Monitor.

Are both browsers green(allowed)?

phil_j
2007-11-13, 03:13
Hi Shaba,
Thanks for that. Yes, I checked and they were both green.

I am having even more difficulty today connecting to the internet - it seems to be getting worse day by day (I am having to write this from my flatmate's computer as I cannot open up this webpage on my computer). I have to keep refreshing to eventually get to the page I want (although some pages never open up) and I am unable to update my antivirus and anti-spyware software (including Spybot). I have also noticed that some programs do not work any more (such as disk fragmentor), I am unable to download and some of my documents' names have been changed (they now begin with the two symbols ~$). I would appreciate any further hope you could give me. Thanks, Phil

Shaba
2007-11-13, 11:19
Hi

Well that sounds more windows problems to me than malware problems.

However, let's check this (use eg. USB stick for transfers):

* Download GMER from
here (http://www.gmer.net/gmer.zip):
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

phil_j
2007-11-13, 21:18
Thanks. Here is the log of the scan:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-13 15:39:09
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwConnectPort
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateFile
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreatePort
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteFile
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwDeleteValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenSection
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetContextThread
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetInformationFile
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwShutdownSystem
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwWriteFile
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys ZwWriteFileGather

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Comodo\Firewall\CPF.exe[1904] ntdll.dll!LdrLoadDll 7C9161CA 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Comodo\Firewall\CPF.exe[1904] ntdll.dll!LdrLoadDll + 4 7C9161CE 2 Bytes [ 05, 5F ]
.text C:\Program Files\Comodo\Firewall\CPF.exe[1904] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F08001E
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F2C1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A030F C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A0290 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A02D4 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A021C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A0256 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A034A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4064] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F31676 C:\WINDOWS\system32\IEFRAME.dll

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F992C6D0] inspect.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F992C730] inspect.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F992C950] inspect.sys
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F992C910] inspect.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F992C910] inspect.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F992C730] inspect.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F992C6D0] inspect.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F992C950] inspect.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F992C950] inspect.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F992C910] inspect.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F992C730] inspect.sys
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F992C6D0] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F992C910] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F992C6D0] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F992C730] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F992C950] inspect.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F992C6D0] inspect.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F992C730] inspect.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F992C910] inspect.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F992C950] inspect.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F992C910] inspect.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F992C730] inspect.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F992C6D0] inspect.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F992C6D0] inspect.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F992C730] inspect.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F992C950] inspect.sys
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F992C910] inspect.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F992C910] inspect.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F992C950] inspect.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F992C6D0] inspect.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F992C730] inspect.sys

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F9DE5404] avg7rsw.sys

Device \Driver\CmdMon \Device\ComodoRawIpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F9E6585A] avgtdi.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F0F1EA6A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F0F1EA16] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F0F1E94A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F9E6585A] avgtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F0F1E9B8] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F0F1EB12] cmdmon.sys

Device \Driver\CmdMon \Device\ComodoUdpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F9E6585A] avgtdi.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F0F1EA6A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F0F1EA16] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F0F1E94A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F9E6585A] avgtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F0F1E9B8] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F0F1EB12] cmdmon.sys

1.0.13 ----

phil_j
2007-11-13, 21:19
Device \Driver\CmdMon \Device\ComodoTcpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F9E6585A] avgtdi.sys
Device \Driver\CmdMon \Device\ComodoIpFilter IRP_MJ_INTERNAL_DEVICE_CONTROL [F9E6585A] avgtdi.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F0F1EA6A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F0F1EA16] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F0F1E94A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F9E6585A] avgtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F0F1E9B8] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F0F1EA6A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F0F1EA16] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F0F1E94A] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F9E6585A] avgtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F0F1E9B8] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F0F1EB12] cmdmon.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F0F1EB12] cmdmon.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F9DE5404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F9DE5404] avg7rsw.sys

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE EFE32400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE EFE32400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ EFE32400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION EFE32400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION EFE32400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION EFE32400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL EFE32400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL EFE32400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL EFE32400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN EFE35C74
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL EFE32400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP EFE32400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP EFE32400
Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible EFE35BCE

---- Files - GMER 1.0.13 ----

ADS C:\Documents and Settings\Phil\Favorites\UK Property Tax Articles :favicon

---- EOF - GMER

Shaba
2007-11-14, 11:05
Hi

As it seems to be windows related problem, I don't think that I can help you, unfortunately.

However, I can re-direct to some windows forum if you like to.

phil_j
2007-11-14, 15:03
Hi Shaba,

Yes, it would be good if you could redirect me to a Windows forum.

Thanks very much for all your help trying to solve the problem. It's much appreciated :bigthumb:

Shaba
2007-11-14, 15:20
Hi

I recommend this (http://forums.pcpitstop.com/index.php?) forum :)

Shaba
2007-11-16, 11:38
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.