I think my browser has been hijacked



talula
2009-06-27, 02:21
Hi everyone,
Recently I have been unable to search on Google. There is something on my computer that is manipulating words and links. For example, if I search for "kittens", the Google search list will appear, but when I try to pull up the page it will either say error, wrong syntax, or a totally different subject like real estate will appear.
I can type an address in my browser but it is running slow. I ran Spybot Search and Destroy (have not downloaded the new one). I unchecked TeaTimer and ran ERUNT. I run AVG and have Comodo. I scan my computer once a month. (BTW, this seemed to occur after I downloaded AVG to my toolbar. I did this by mistake thinking I was just updating my antivirus program. I have disabled it.) Also, I have Windows XP and have been unable to download IE 8. My computer won't let me. I am running IE 6 now.
Here is my hijackthis log: (hope it is in the right format)
Thanks so much everybody!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:50 PM, on 6/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070913
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070913
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: Cfgustxt - {770A0F45-7829-4F85-9458-161E3DF1D3F3} - C:\WINDOWS\system32\dlgigsql.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 12106 bytes

Shaba
2009-06-28, 14:24
Hi talula

Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)

Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).)
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html).
Important! Please do not select the "Show all" checkbox during the scan.

talula
2009-06-30, 06:18
Hi Shaba.
Sorry that I took so long to reply. I was waiting for an alert in my email. Can you remind me how to activate that feature?
I tried to post the results of my GMER scan but it said that I had too many characters. I wasn't sure what to do. I did not select the "Show All" checkbox.
It seemed to be several thousand characters too long...arghh...
Any thoughts?
Thanks,
Julie

Shaba
2009-06-30, 06:57
Private Messages - Settings & options - Edit options - Messaging & Notification - Default Thread Subscription Mode - Instant email notification - Save changes

Then you can split it into multiple replies, please :)

talula
2009-07-01, 06:27
okay...here is the GMER log in pieces:



Rootkit scan 2009-06-29 23:07:22
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xEDD39C8C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xEDD393C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xEDD398A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateKey [0xEDD3A43C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xEDD39080]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xEDD3B084]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xEDD39E72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0xEDD38C50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteKey [0xEDD3A0B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteValueKey [0xEDD3A268]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xEDD38B02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xEDD3AD24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xEDD39AB0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenProcess [0xEDD38822]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xEDD39744]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenThread [0xEDD389AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xEDD3A7F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xEDD39196]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xEDD3AAE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xEDD3AEC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetValueKey [0xEDD3A602]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xEDD395D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xEDD39638]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0xEDD38F4A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xEDD38E18]

Code 84D1E218 ZwEnumerateKey
Code 84CFB2E0 ZwFlushInstructionCache
Code 84D1E24E IofCallDriver
Code 84CEECDE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A0 5 Bytes JMP 84D1E253
.text ntkrnlpa.exe!IofCompleteRequest 804EF230 5 Bytes JMP 84CEECE3
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B5642 5 Bytes JMP 84CFB2E4
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622DE0 5 Bytes JMP 84D1E21C

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0078000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[168] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[196] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[196] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 007A000A
.text C:\Program Files\iPod\bin\iPodService.exe[196] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[196] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[196] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[196] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[196] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\iPod\bin\iPodService.exe[196] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[196] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[196] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[196] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[196] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00D6000A
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[332] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[504] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[504] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[504] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[504] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[504] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[504] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[504] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[504] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[504] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[504] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[504] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00675060 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 007E000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00674F90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00671860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 00671230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 006713C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [75, 88] {JNZ 0xffffffffffffff8a}
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00674C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] USER32.dll!mouse_event 7E466515 5 Bytes JMP 006716D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00671550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00674960 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[572] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00674AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[588] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[588] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[588] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[588] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[588] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[588] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[588] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[588] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[588] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[588] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[612] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003D5060 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[612] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003D4F90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[612] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003D1860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[612] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 003D1230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[612] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 003D13C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[612] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [4B, 88]
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[612] USER32.dll!EndTask 7E459E75 5 Bytes JMP 003D4C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[612] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003D16D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[612] USER32.dll!keybd_event 7E466559 5 Bytes JMP 003D1550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[612] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003D4960 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[612] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 003D4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[896] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[896] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0057000A
.text C:\WINDOWS\system32\winlogon.exe[896] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[896] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[896] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[896] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[896] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[896] GDI32.dll!CreateDCA

talula
2009-07-01, 06:30
Next Part:

talula
2009-07-01, 06:39
Another part... there may be some overlap... I lost my place... let me know if it is messed up and I will do it again... thanks


.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1980] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00374C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1980] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003716D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1980] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00371550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1980] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00374960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1980] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00374AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1996] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 009A000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2052] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2100] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00365060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2100] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00364F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2100] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00364960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2100] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00364AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2100] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00361860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2100] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 00361230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2100] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 003613C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2100] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [44, 88]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2100] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00364C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2100] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003616D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2100] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00361550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe[2116] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe[2116] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe[2116] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe[2116] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe[2116] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe[2116] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe[2116] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe[2116] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe[2116] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe[2116] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe[2116] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 006A5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0081000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 006A4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 006A1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 006A1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 006A13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [78, 88] {JS 0xffffffffffffff8a}
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] USER32.dll!EndTask 7E459E75 5 Bytes JMP 006A4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] USER32.dll!mouse_event 7E466515 5 Bytes JMP 006A16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] USER32.dll!keybd_event 7E466559 5 Bytes JMP 006A1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 006A4960

talula
2009-07-01, 06:42
More:
C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2152] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 006A4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00385060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00DD000A
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00384F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00381860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 00381230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 003813C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [46, 88]
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00384C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003816D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00381550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00384960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe[2160] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00384AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003D5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00C6000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003D4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] USER32.dll!EndTask 7E459E75 5 Bytes JMP 003D4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003D16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] USER32.dll!keybd_event 7E466559 5 Bytes JMP 003D1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003D1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 003D1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 003D13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [4B, 88]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003D4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[2180] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 003D4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003C5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00E7000A
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 003C4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003C1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 003C1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 003C13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [4A, 88]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] USER32.dll!EndTask 7E459E75 5 Bytes JMP 003C4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003C16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] USER32.dll!keybd_event 7E466559 5 Bytes JMP 003C1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003C4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[2260] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 003C4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[2288] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[2288] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[2288] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[2288] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[2288] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[2288] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[2288] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[2288] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[2288] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\iTunes\iTunesHelper.exe[2288] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[2288] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 009E000A
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[2296] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0119000A
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cfp.exe[2336] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 012E000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[2440] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2468] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0144000A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2496] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 0126000A
.text C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[2528] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00B0000A
.text C:\Program Files\DellSupport\DSAgnt.exe[2556] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DellSupport\DSAgnt.exe[2556] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DellSupport\DSAgnt.exe[2556] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DellSupport\DSAgnt.exe[2556] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DellSupport\DSAgnt.exe[2556] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DellSupport\DSAgnt.exe[2556] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Program Files\DellSupport\DSAgnt.exe[2556] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DellSupport\DSAgnt.exe[2556] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DellSupport\DSAgnt.exe[2556] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DellSupport\DSAgnt.exe[2556] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DellSupport\DSAgnt.exe[2556] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00385060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 009C000A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 00384F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00381860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 00381230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 003813C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [46, 88]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00384C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003816D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00381550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00384960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2740] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00384AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 007F000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3128] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00AF000A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] GDI32.dll!CreateDCW 77F1BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] GDI32.dll!CreateDCW + 3 77F1BE9C 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3204] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll

talula
2009-07-01, 06:50
This was really hard to do... I hope that I didn't leave anything out...


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

Device \FileSystem\Fastfat \Fat BA00BC8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\SKYNEToetltxjk.sys (*** hidden *** ) [SYSTEM] SKYNETnoeijboa <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa@imagepath \systemroot\system32\drivers\SKYNEToetltxjk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\main@aid 10096
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNEToetltxjk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\modules@SKYNETcmd.dll \systemroot\system32\SKYNETomuwupkr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\modules@SKYNETlog.dat \systemroot\system32\SKYNETjjxbeybi.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\modules@SKYNETwsp.dll \systemroot\system32\SKYNETktrijgyr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETnoeijboa\modules@SKYNET.dat \systemroot\system32\SKYNETuxjcgskw.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa@imagepath \systemroot\system32\drivers\SKYNEToetltxjk.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\main
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\main@aid 10096
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\main\delete
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\main\injector
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\main\tasks
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\modules
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNEToetltxjk.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\modules@SKYNETcmd.dll \systemroot\system32\SKYNETomuwupkr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\modules@SKYNETlog.dat \systemroot\system32\SKYNETjjxbeybi.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\modules@SKYNETwsp.dll \systemroot\system32\SKYNETktrijgyr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETnoeijboa\modules@SKYNET.dat \systemroot\system32\SKYNETuxjcgskw.dat

---- EOF - GMER 1.0.15 ---

Shaba
2009-07-01, 07:00
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

talula
2009-07-03, 06:16
Hi there,
I have run Combofix in the past with no problem. First, I couldn't download from that site. I had to go to another site.
I disabled my firewall and AVG and when I tried to run combofix, it kept saying that I am still running AVG....I went to msconfig and unchecked anything to do with AVG .....that didn't work.....Then I tried to remove the program entirely, but I got an error message.
Combofix tries to run when you click the X after it tells you that AVG is still running. So it is scary....
I don't know what to do.....help please...
thanks so much,
Julie

Shaba
2009-07-03, 07:07
Please try to run it in safe mode next :)

talula
2009-07-03, 23:44
Hi there,
I tried running combofix in safe mode and I got the same response, that AVG is running. I tried to remove AVG in safe mode and I got an error message. I did a search on the AVG files and came up with 75 files..
Thoughts?
thanks
julie

Shaba
2009-07-04, 10:20
You can try to ignore that message and let me know if it helped :)

talula
2009-07-05, 23:04
Hi there,
When I tried to run Combofix, it prompted me to run the recovery console, I pressed yes, and then it said that I needed to be connected to the internet. I have wireless, so I checked and was connected. This is while I was in Safe Mode. I tried running it again in normal mode and it said the same thing, that I was not connected to the internet. Then, it kept running for a minute or so to begin a scan I guess and I got an error message that read CF11551.exe Application error.
(0x7c910892 referenced memory @ 0x00000002), and it just stopped. Ironically, after I closed the program, I was not connected to the internet. ARgggghhh...
I didn't have any of these problems when I had to run Combo fix a year or two ago.
Thanks,
Julie

Shaba
2009-07-06, 08:33
Please see my link how to install recovery console manually and try again :)

talula
2009-07-06, 17:53
hi there,
I'm usually pretty good at following directions when fixing the computer, but I am stuck here. I went to the site to manually install the recovery console. On that Microsoft page, there is a link to download the whole set of discs for service pack 2. Once I save that to my desktop, am I then to run it and then I drag the whole thing into combofix, because it is more than the recovery console, right? I'm confused :sad: I also noticed on my desktop that I had an icon that looked like the recovery console that I probably dragged into combofix before, but it says dothefix on it...
so anyway....some help please:)
thanks
julie

Shaba
2009-07-06, 19:07
Drag it to combofix and choose yes if asked to run, please :)

talula
2009-07-06, 23:07
hi there,
Okay...I encountered a few more problems but was finally able to run combofix. Please note that after a couple of minutes, a window came up indicating that combofix has detected the presence of rootkit activity, and it gave me the names of the files. Let me know if you need the names.
Here is the log from combofix and I will post again with a fresh hijackthis log.
thanks.






ComboFix 09-07-05.04 - JULIE 07/06/2009 15:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.894.632 [GMT -4:00]
Running from: c:\documents and settings\JULIE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\JULIE\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNEToetltxjk.sys
c:\windows\system32\SKYNETjjxbeybi.dat
c:\windows\system32\SKYNETktrijgyr.dll
c:\windows\system32\SKYNETomuwupkr.dll
c:\windows\system32\SKYNETuxjcgskw.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETnoeijboa


((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-03 20:04 . 2007-09-14 01:16 29528 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 20:04 . 2007-09-14 01:00 128 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-06-29 21:06 . 2009-06-29 21:06 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-29 21:06 . 2009-06-29 21:06 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-29 21:05 . 2009-06-29 21:05 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-29 21:04 . 2009-06-29 21:04 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-29 20:57 . 2009-06-29 20:57 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-29 20:53 . 2009-06-29 20:53 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-29 20:51 . 2009-06-29 20:51 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-29 20:51 . 2009-06-29 20:51 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-29 20:50 . 2009-06-29 20:50 2352968 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-26 23:09 . 2009-06-26 23:10 -------- d-----w- c:\program files\ERUNT
2009-06-26 22:38 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-26 20:46 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-26 20:46 . 2009-06-26 20:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 20:46 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-23 00:42 . 2009-06-02 17:37 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-23 00:39 . 2009-06-12 14:10 826624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-23 00:38 . 2009-06-23 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-23 00:36 . 2009-06-12 14:08 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-06-23 00:36 . 2009-06-12 14:08 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-12 14:11 . 2009-06-12 14:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 18:11 . 2007-09-19 15:05 6682 ----a-w- c:\documents and settings\JULIE\Application Data\wklnhst.dat
2009-07-03 20:41 . 2009-02-20 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-26 20:46 . 2007-09-19 07:14 -------- d-----w- c:\program files\Lavasoft
2009-06-23 00:37 . 2009-02-20 03:07 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-22 01:01 . 2009-03-21 22:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-17 01:33 . 2007-09-20 22:55 -------- d-----w- c:\documents and settings\JULIE\Application Data\U3
2009-05-21 17:25 . 2008-02-25 17:06 -------- d-----w- c:\program files\PrintSub
2009-05-07 15:44 . 2004-08-10 17:51 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2004-08-10 17:51 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-10 17:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-27 04:01 . 2009-04-27 04:01 825344 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\mach32.dll
2009-04-27 03:57 . 2009-04-27 03:57 274168 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cavshell.dll
2009-04-27 03:57 . 2009-04-27 03:57 52984 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cavscan.dll
2009-04-27 03:57 . 2009-04-27 03:57 934136 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cavscan.exe
2009-04-27 03:57 . 2009-04-27 03:57 364280 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cfpupdat.dll
2009-04-27 03:57 . 2009-04-27 03:57 53496 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cfplogvw.dll
2009-04-27 03:57 . 2009-04-27 03:56 1824504 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cfpconfg.dll
2009-04-27 03:56 . 2009-04-27 03:56 2148088 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cfp.dll
2009-04-27 03:56 . 2009-04-27 03:56 700152 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cmdagent.exe
2009-04-27 03:56 . 2009-04-27 03:56 80400 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\inspect.sys
2009-04-27 03:56 . 2009-04-27 03:56 24336 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cmdhlp.sys
2009-04-27 03:56 . 2009-04-27 03:56 110992 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cmdGuard.sys
2009-04-27 03:56 . 2009-04-27 03:56 155384 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\guard32.dll
2009-04-27 03:55 . 2009-04-27 03:55 1010424 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cfpconfg.exe
2009-04-27 03:55 . 2009-04-27 03:55 425720 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\crashrep.exe
2009-04-27 03:55 . 2009-04-27 03:55 2961144 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cfplogvw.exe
2009-04-27 03:55 . 2009-04-27 03:55 2260728 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cfpupdat.exe
2009-04-27 03:55 . 2009-04-27 03:55 233208 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\framework.dll
2009-04-27 03:55 . 2009-04-27 03:54 1851128 ----a-w- c:\documents and settings\JULIE\Application Data\Comodo\Firewall Pro\Data\TempFiles\cfp.exe
2009-04-17 09:58 . 2004-08-10 17:51 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-10 17:51 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-16 13:29 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-09-14 1862144]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-02-27 315392]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1198989515\ee\AOLSoftware.exe" [2007-05-25 42032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-07-19 278264]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-07-19 1655552]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-08 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-27 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-09-22 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-13 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Dosetbmp"= {A8F4FDF8-661B-420B-BF25-DA7328683244} - c:\windows\system32\devovmag.dll [2009-03-21 1015808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-23 00:37 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
"COMSysApp"=3 (0x3)
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1198989515\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Linksys Wireless-G Print Server\\PSDiagnosticM.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/26/2009 4:46 PM 64160]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [7/19/2008 7:00 PM 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7/19/2008 7:00 PM 24208]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [9/19/2007 5:35 PM 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [9/19/2007 5:35 PM 37248]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys --> c:\windows\system32\Drivers\avgldx86.sys [?]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]
S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [9/19/2007 5:36 PM 11648]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/19/2009 11:07 PM 906520]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/19/2009 11:07 PM 298776]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 951632]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
SSODL-Cfgustxt-{770A0F45-7829-4F85-9458-161E3DF1D3F3} - c:\windows\system32\dlgigsql.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comodo.com/search/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070913
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\JULIE\Application Data\Mozilla\Firefox\Profiles\xddquitd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&invocationType=tb50-ff-games-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ab&query=
FF - component: c:\documents and settings\JULIE\Application Data\Mozilla\Firefox\Profiles\xddquitd.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 15:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\250296.msj 161184 bytes
c:\windows\system32\250296.rcv 1702 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3888)
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\devovmag.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
.
**************************************************************************
.
Completion time: 2009-07-06 16:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-06 20:02

Pre-Run: 99,781,251,072 bytes free
Post-Run: 100,341,194,752 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

240 --- E O F --- 2009-06-10 01:17

talula
2009-07-06, 23:12
hi there,
Here is a fresh hijackthis log...I hope it's in the right format...let me know and I will resend
thanks





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:08:46 PM, on 7/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070913
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11243 bytes

Shaba
2009-07-07, 12:22
That's great :)

Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

talula
2009-07-10, 04:06
hi there,
here is the new hijackthis log:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:54:55 PM, on 7/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe
C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070913
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1198989515\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11186 bytes

I have to find the kaspersky log file.
thanks,
julie

talula
2009-07-10, 04:09
okay...found the kaspersky log file:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 9, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 09, 2009 20:50:46
Records in database: 2451499
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: no

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 64030
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:37:37


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\SKYNEToetltxjk.sys.vir Infected: Rootkit.Win32.TDSS.q 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETktrijgyr.dll.vir Infected: Trojan.Win32.Small.bzc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETomuwupkr.dll.vir Infected: Trojan.Win32.Monder.cpxu 1

The selected area was scanned.

Shaba
2009-07-10, 08:11
Empty this folder:

C:\Qoobox\Quarantine

Empty Recycle Bin.

Still problems?

talula
2009-07-10, 18:18
hi there,
everything seems to be working fine...
but a couple of things:
when i had all that trouble with combofix, i tried to remove AVG but i received an error and couldn't. It isn't running though now, but it is still listed in my program list. Should I just try to download it again?
Also, that file that you told me to remove, that was listed in the combofix quarantined files.. where do I go to remove it?
And finally, during the process of fixing things, suddenly now when I open IE, it comes up very small, about four by five inches. I don't know if this is a concern, but it happens every time, and just started doing this while we were fixing the problem.
Thanks so much for helping me fix this- you are a sweetheart!
Julie

Shaba
2009-07-10, 19:20
Yes you can redownload it then.

You can delete them via My Computer.

As for IE problem, is it OK to redirect you to some other forum?

talula
2009-07-12, 20:48
hi,
do you think that the IE thing is a problem? if so, please direct me to another forum....
and thanks again for all your help on this...
take care,
julie

Shaba
2009-07-12, 22:34
I recommend this (http://forums.pcpitstop.com/index.php?) place.

talula
2009-07-13, 16:57
one last thing...sorry....
i ran kaspersky again just to see if everything was clean because i hadn't installed AVG yet....when i scanned, the same three items came up from the first scan....does that mean the items were not removed?
does kaspersky remove the threats after it runs the scan..? with Spybot search and destroy, there is a prompt to remove infected items?
i saw that the quarantine and Qoobox was still on C when i checked on my computer...would this make a difference?
thanks,
julie

Shaba
2009-07-13, 17:33
Yes I will give you final instructions unless you have some issues left?

talula
2009-07-14, 00:06
my only issue is that when i ran the kaspersky scan yesterday, the same three infected items came up...
just wondering what that means...and, should i run that scan once a month even if i run AVG?
thanks
julie

Shaba
2009-07-14, 07:17
Yes those will go away once ComboFix has been uninstalled :)

Yes it wouldn't hurt.

Still something?
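The repeat scan reported the same three items because they are the copies held in C:\Qoobox\Quarantine, not files at their original locations. The following is an added example, not part of the thread and not any tool's own code: it splits detection lines in the report format posted above into quarantined copies and live detections. The fourth sample line is constructed, and the Quarantine\<drive>\<original path>.vir layout is an assumption inferred from the three paths in the report.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Quarantine folder named in the thread; extend for other tools as needed.
QUARANTINE_ROOTS = (r"C:\Qoobox\Quarantine",)

# Detection line format as it appears in the posted report:
#   <path> Infected: <threat name> <count>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Constructed sample: the three detection lines from the thread plus one
# made-up line outside quarantine for contrast.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\SKYNEToetltxjk.sys.vir Infected: Rootkit.Win32.TDSS.q 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETktrijgyr.dll.vir Infected: Trojan.Win32.Small.bzc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETomuwupkr.dll.vir Infected: Trojan.Win32.Monder.cpxu 1
C:\Documents and Settings\user\Desktop\example.exe Infected: Constructed.Sample.Name 1
"""


@dataclass
class Detection:
    path: str
    threat: str
    count: int
    original_path: Optional[str] = None  # filled in for quarantined copies


def parse_detections(report: str) -> list:
    """Return one Detection per 'Infected:' line; other lines are ignored."""
    found = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], int(m["count"])))
    return found


def _original_location(path: str, root: str) -> Optional[str]:
    """Map <root>\\C\\dir\\name.ext.vir back to C:\\dir\\name.ext (assumed layout)."""
    rel = ntpath.normpath(path)[len(ntpath.normpath(root)) + 1:]
    drive, sep, rest = rel.partition("\\")
    if not (sep and len(drive) == 1 and drive.isalpha()):
        return None
    if rest.lower().endswith(".vir"):
        rest = rest[:-4]
    return f"{drive}:\\{rest}"


def triage(report: str, roots=QUARANTINE_ROOTS) -> dict:
    """Split detections into quarantined copies and live files."""
    result = {"quarantined": [], "live": []}
    for det in parse_detections(report):
        # Windows paths compare case-insensitively, so normalise before matching.
        norm = ntpath.normcase(ntpath.normpath(det.path))
        for root in roots:
            prefix = ntpath.normcase(ntpath.normpath(root)) + "\\"
            if norm.startswith(prefix):
                det.original_path = _original_location(det.path, root)
                result["quarantined"].append(det)
                break
        else:
            result["live"].append(det)
    return result


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        for d in items:
            print(bucket, d.threat, d.original_path or d.path)
```

Anything that lands in the "live" bucket is a file still in place on disk and is the part of a report that needs follow-up.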

talula
2009-07-18, 04:27
Hi everyone,
Recently I removed malware with a wonderful tech person here...
In the final reply, he/she told me to uninstall Combofix and then that would remove the malware found in Kaspersky's scan.
It's been a few days, so I started a new thread. I looked up how to uninstall Combofix and was instructed to go to Run...type combofix /u and then a prompt will appear. When I do this the program window for combofix automatically opens up and asks if i want to run it?
I tried to research more, but found no other options.
Any thoughts on how I can uninstall it?
thanks a lot!
Julie

Shaba
2009-07-18, 10:09
Hi talula

Are you sure that there was space between combofix and /u?

talula
2009-07-19, 23:29
yes, absolutely, there was a space between combofix and /u. I tried it several times...and the box to run the program keeps reappearing...
am i possibly reinfected?
thanks
julie

Shaba
2009-07-20, 07:01
No.

Then please redownload combofix and try again.

Let me know how it went.

talula
2009-07-22, 03:00
hi,
sorry to take so long...i had trouble accessing this website last night...
i downloaded combofix again and tried to uninstall it via run, type combofix /u and again, the combofix box appeared asking if i want to run the program..
thanks,
julie

Shaba
2009-07-22, 06:52
In that case delete this folder:

C:\Qoobox\Quarantine

Empty Recycle Bin.

Are you ready for final instructions?

talula
2009-07-23, 05:14
hi,
i already deleted that folder and emptied the recycle bin on earlier instructions...
what am i going to do about combofix?
thanks,
julie

Shaba
2009-07-23, 07:11
You can delete just combofix.exe then; final instructions will remove rest :)

talula
2009-07-24, 03:01
can you please elaborate on how to delete combofix.exe.?
where do i delete it from?
and what are the final instructions?
thanks
julie

Shaba
2009-07-24, 07:06
Delete it from desktop, please :)

Are you able to find it?

talula
2009-07-24, 17:17
hi...are you talking about deleting the combofix red icon? or a log file?
i need more specific instructions, sorry...
i did delete the two icons...

Shaba
2009-07-24, 19:37
Yes red icon belongs to combofix.exe.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software and keep your other programs up-to-date - Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)

Happy surfing and stay clean! :bigthumb:

talula
2009-07-26, 18:26
hi there,
i am not sure if five days has passed or not...sorry...but i just wanted to mention that i am unable to open IE....it opens, then just freezes.....do you think that this is malware related? or should i go to another forum?
This has never occurred before...I am running IE 6

also, when i went to restore as directed, there was an error message at bleepingcomputers.com...

Thanks,
julie

Shaba
2009-07-26, 18:52
If you are running IE 6, first step is to update it to version 8.

You can find latest version here (http://www.microsoft.com/windows/internet-explorer/default.aspx).

Let me know if it helped.

talula
2009-07-30, 04:21
hi there,
i updated to IE 8.....the situation has improved...but, it still takes a long time to open and half the time, it hangs...and i have to end task....then microsoft asks if i want to send a report for nonresponsive program...
thanks,
julie

Shaba
2009-07-30, 07:12
Hard to say.

Did you post to pcpitstop about it?

talula
2009-07-31, 04:45
no...i have not posted on pcpitstop..but i can try that,
thanks..
julie

Shaba
2009-08-04, 07:08
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.