should i be worried about anything in this log?/2



general manson
2009-08-22, 08:10
HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:36 AM, on 8/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AnalogX\MaxMem\maxmem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Carl Smith II\Desktop\GM Repair FolderFixes\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Maxmem] C:\Program Files\AnalogX\MaxMem\maxmem.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237176829543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237176906449
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe

--
End of file - 4855 bytes

GMER log

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-21 17:28:58
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwConnectPort [0xB875E0D2]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateFile [0xB8760302]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreatePort [0xB875E02C]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateSection [0xB875EAAE]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwCreateThread [0xB875DD12]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteFile [0xB875FCB0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteKey [0xB875EEC0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwDeleteValueKey [0xB875EDDA]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwOpenProcess [0xB875EB94]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwOpenSection [0xB875E9E0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwOpenThread [0xB875ECB0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetContextThread [0xB875DBB4]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetInformationFile [0xB875FDE0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwSetValueKey [0xB875E26A]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwShutdownSystem [0xB875EFA0]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwTerminateProcess [0xB875DF66]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFile [0xB876014A]
SSDT \SystemRoot\System32\DRIVERS\cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.) ZwWriteFileGather [0xB875FFB4]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 13E 804E4978 4 Bytes JMP A9DCB875
.text ntoskrnl.exe!ZwYieldExecution + 26A 804E4AA4 4 Bytes JMP F219031E

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Comodo\Firewall\CPF.exe[2204] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Comodo\Firewall\CPF.exe[2204] ntdll.dll!LdrLoadDll + 4 7C9163C7 2 Bytes [05, 5F]
.text C:\Program Files\Comodo\Firewall\CPF.exe[2204] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F08001E

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F765A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F765A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F765A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F765A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F765A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F765A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F765A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F765A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F765A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F765A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F765A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F765A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F765A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F765A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F765A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F765A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F765A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F765A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F765A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F765A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F765A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F765A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F765A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F765A910] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F765A950] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F765A6D0] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F765A730] inspect.sys (Comodo Personal Firewall Stateful Inspection Engine/COMODO)

---- Devices - GMER 1.0.15 ----

Device \Driver\CmdMon \Device\ComodoRawIpFilter socketlock.sys

AttachedDevice \Driver\Tcpip \Device\Ip socketlock.sys
AttachedDevice \Driver\Tcpip \Device\Ip cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)

Device \Driver\CmdMon \Device\ComodoUdpFilter socketlock.sys

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp socketlock.sys

Device \Driver\CmdMon \Device\ComodoTcpFilter socketlock.sys
Device \Driver\CmdMon \Device\ComodoIpFilter socketlock.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp socketlock.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp socketlock.sys

---- EOF - GMER 1.0.15 ----

Should I be at all worried about these two?

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 13E 804E4978 4 Bytes JMP A9DCB875
.text ntoskrnl.exe!ZwYieldExecution + 26A 804E4AA4 4 Bytes JMP F219031E

tashi
2009-08-22, 10:47
Hello general manson,

You appear to be receiving assistance as ADMIRAL MANSON here: http://forums.myspace.com/p/4587985/63120654.aspx?fuseaction=forums.viewpost

"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


Posters who start topics at multiple sites for their PC problem waste valuable volunteer resources, so please don't. Our analysts assist people at several forums. A member's user name may be different; the problem will not be.

Best regards.