Nasty Virus - Automatically deletes downloaded .exe files and cannot run Spybot/AVG



Thomas.
2009-10-05, 04:31
I have what appears to be a similar problem to others but also further issues and should be extremely grateful for any assistance you can provide.

The virus appears to be doing a few things

1. It will not let me run Spybot or AVG. In the case of Spybot I get the following message "Windows cannot access the specified file. You may not have the appropriate permissions". AVG is simply not providing the scan option which is strange. Both were working fine before. I have tried to uninstall and re-install both but this did not assist.

2. The virus will not permit me to download any .exe file so essentially I cannot obtain other malware removal software on the infected PC (Toshiba laptop running Vista Home Premium - with HDD Recovery system!). When the download is complete, it is simply automatically deleted from the designated download folder. On some occasions, the file may download but the virus appears to change the downloaded extension from a .exe to say a media player file - I guess simply to prevent running of virus removal software.

I have been unable to run the ERUNT procedure or create an HJT log as I cannot download at present. I can obtain the files from another PC however and will do so once instructed by your good selves.

I downloaded Dr Web CureIt on my desktop PC and ran it on the infected PC - Dr Web did not find any problems.

Many thanks for any assistance you can provide

Reading some of the other posts, you guys clearly go through a lot of time and effort and it is much appreciated - respect to you

Tom

Blade81
2009-10-07, 12:28
Hi,

Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop (transfer to infected system). Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

Thomas.
2009-10-08, 02:07
Hi Blade, many thanks for your help. Apologies for late reply, have been working late today. I think I may have managed to get rid of some of the virus yesterday as I managed to download Malwarebytes and it removed 4 trojans. However, I still cannot install AVG. I've managed to get Spybot S&D up and running fine now. Log posted below.

Running from: C:\Users\Tom\Desktop\Win32kDiag.exe

Log file at : C:\Users\Tom\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp\ZAP5C42.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDAE5.tmp\ZAPDAE5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
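Win32kDiag reports each NTFS reparse point (what it calls a mount point) under C:\Windows together with the object it resolves to; a legitimate mount point or junction resolves to a \??\Volume{GUID}\ or \??\C:\... path, so many directories all resolving to the same non-volume name, as in the log above, is the thing a reviewer wants surfaced. The parser below is an added example, not code from the thread or from Win32kDiag: its sample log is constructed in the shape of the posted lines, and the volume and junction entries are made-up benign entries added for comparison.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the Win32kDiag log posted in the thread
# (a few representative lines, not the full log). The \??\Volume{...} and
# \??\C:\Users entries are made-up benign reparse points for comparison.
SAMPLE_LOG = r"""
Running from: C:\Users\Tom\Desktop\Win32kDiag.exe

Log file at : C:\Users\Tom\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\MountedDrives\Data

Mount point destination : \??\Volume{11111111-2222-3333-4444-555555555555}\

Found mount point : C:\Documents and Settings

Mount point destination : \??\C:\Users

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
"""

FOUND_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
DENIED_RE = re.compile(r"^Cannot access: (.+)$")
WARNING_RE = re.compile(r"^WARNING: (.+)$")
# Targets a legitimate reparse point resolves to: a volume GUID path or a
# drive-letter path, both under the \??\ object directory.
NORMAL_RE = re.compile(r"^\\\?\?\\(Volume\{[0-9A-Fa-f-]{36}\}|[A-Za-z]:)(\\.*)?$")


def parse_win32kdiag(text):
    """Parse Win32kDiag output into mount points, inaccessible paths and warnings."""
    result = {"mount_points": [], "denied": [], "warnings": []}
    pending = None  # path from the most recent 'Found mount point' line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FOUND_RE.match(line)):
            pending = m.group(1)
        elif (m := DEST_RE.match(line)) and pending is not None:
            result["mount_points"].append((pending, m.group(1)))
            pending = None
        elif (m := DENIED_RE.match(line)):
            result["denied"].append(m.group(1))
        elif (m := WARNING_RE.match(line)):
            result["warnings"].append(m.group(1))
    return result


def is_normal_target(dest):
    """True if the destination is a volume GUID path or a drive-letter path."""
    return NORMAL_RE.match(dest) is not None


def is_self_named(path):
    """True for the name-repeated-twice shape seen throughout the posted log:
    the reparse point carries the same name as its parent directory."""
    parts = path.rstrip("\\").split("\\")
    return len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()


def suspicious_destinations(mount_points):
    """Group reparse points by destination and return the destinations that are
    neither volume nor drive-letter paths, most-shared first. This is a
    heuristic to prioritise review, not a verdict on its own."""
    by_dest = defaultdict(list)
    for path, dest in mount_points:
        by_dest[dest].append(path)
    findings = []
    for dest, paths in by_dest.items():
        if is_normal_target(dest):
            continue
        findings.append({
            "destination": dest,
            "count": len(paths),
            "self_named": sum(1 for p in paths if is_self_named(p)),
            "paths": sorted(paths),
        })
    findings.sort(key=lambda f: f["count"], reverse=True)
    return findings


def review(text):
    """One pass over a log: parsed data plus the flagged destinations."""
    parsed = parse_win32kdiag(text)
    parsed["suspicious"] = suspicious_destinations(parsed["mount_points"])
    return parsed


if __name__ == "__main__":
    r = review(SAMPLE_LOG)
    for w in r["warnings"]:
        print("warning:", w, "(scan may be incomplete)")
    for f in r["suspicious"]:
        print(f"{f['count']} reparse point(s) -> {f['destination']} "
              f"({f['self_named']} self-named)")
        for p in f["paths"]:
            print("   ", p)
    for p in r["denied"]:
        print("could not open:", p)
```

The backup-privilege warning is reported alongside the findings because, as Blade81 notes further down, a run without it may stop before the log is complete.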

Thomas.
2009-10-08, 04:05
Hi Blade,

I have managed (since last post) to remove and re-install AVG. I did this by using AVG removal software I located in another post of yours. I'm presently running a scan and will let you know the outcome asap. The PC is running a lot better at the moment with all software protection running fine, albeit I'm sure there is still something probably hiding away which you will be able to locate and remove.

As matters stand, I've managed to remove approx 5 trojans/viruses with Spyware Terminator and Malwarebytes. I can post some sort of log next time for your perusal if you think it will be worth it.

In the meantime, please do let me know what steps I should take next.

Once again, thanks ever so much for your help. Wouldn't be able to sort this without you guys.

Best Regards,
Tom

Blade81
2009-10-08, 07:37
Hi,

Win32kDiag didn't run long enough to create a complete log. Please run it again and give it some more time to finish.

Thomas.
2009-10-08, 21:39
Hi Blade

It appears this does not want to run any further as the log has stopped at the same point. Log below:

Running from: C:\Users\Tom\Desktop\Win32kDiag.exe

Log file at : C:\Users\Tom\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp\ZAP5C42.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDAE5.tmp\ZAPDAE5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-10-08 19:24:29 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Thanks
Tom

Blade81
2009-10-08, 22:06
Hi,

Open Notepad and then copy and paste the lines below into it. Go to File > Save As and name the file fixes.bat, change the Save as type to All Files and save it to your desktop.
@echo off
REM List every copy of these four DLLs under C:\WINDOWS (all attributes, all
REM subfolders) and write the listing, with locations and sizes, to Log.txt
DIR /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\Windows\cngaudit.dll >Log.txt
REM Open the listing in the default text editor (Notepad)
START Log.txt
REM Remove this batch file once it has run
DEL %0

Double-click on fixes.bat file to execute it.


Notepad should open up. Post its contents back here.

Thomas.
2009-10-08, 22:31
Hi Blade.

Before I carry out the last instruction - please see the up-to-date log which I obtained before. I ran it once more but as Administrator. It didn't do much more but went a little further.

Running from: C:\Users\Tom\Desktop\Win32kDiag.exe

Log file at : C:\Users\Tom\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp\ZAP5C42.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDAE5.tmp\ZAPDAE5.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-10-08 19:24:29 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-10-08 19:24:14 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-10-08 19:24:14 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl



Should I still proceed as per the last instruction? Thanks, Tom
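
The Win32kDiag log above lists, for each directory it found, a mount point and the device path it resolves to, and every hit resolves to the same non-volume path `\Device\__max++>\^` inside a directory named after its own parent (`...\Templates\Templates`, `...\SchCache\SchCache`). As an added example, not Win32kDiag's own code and not something posted by Blade81 or Tom, the Python below parses a few constructed lines in that log format, records the "Cannot access" entries, and flags mount points on two heuristics: the destination is neither a `\??\Volume{GUID}` mount nor a drive path, and the directory repeats its parent's name. Assumptions: the regexes are derived only from the log lines visible in this thread, the `\??\Volume{...}` form of a legitimate destination and the `C:\Data\Mounted` entry are constructed for contrast (fake GUID), and the `[1] date time size path ()` lines are not interpreted.

```python
import re
from collections import Counter

# Constructed sample in the line format of the Win32kDiag log posted above.
# The two "__max++>" entries copy that log; the \??\Volume{...} entry is made
# up as a benign contrast (fake GUID); the "Cannot access" lines copy the log.
SAMPLE_LOG = "\n".join([
    r"Found mount point : C:\Windows\PLA\Templates\Templates",
    "",
    r"Mount point destination : \Device\__max++>\^",
    "",
    r"Found mount point : C:\Windows\SchCache\SchCache",
    "",
    r"Mount point destination : \Device\__max++>\^",
    "",
    r"Found mount point : C:\Data\Mounted",
    "",
    r"Mount point destination : \??\Volume{12345678-1234-1234-1234-123456789abc}",
    "",
    r"Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl",
    "",
    r"[1] 2009-10-08 19:24:29 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()",
])

MOUNT_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
CANNOT_RE = re.compile(r"^Cannot access: (.+)$")
# Assumed form of a legitimate volume mount point destination: \??\Volume{GUID}\
VOLUME_RE = re.compile(r"^\\\?\?\\Volume\{[0-9A-Fa-f-]{36}\}\\?$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_win32kdiag(text):
    """Return (mount_points, inaccessible): mount_points is a list of
    (directory, destination) pairs; inaccessible lists 'Cannot access' paths."""
    mounts, inaccessible, pending = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending = m.group(1)              # destination follows on a later line
        elif (m := DEST_RE.match(line)) and pending is not None:
            mounts.append((pending, m.group(1)))
            pending = None
        elif m := CANNOT_RE.match(line):
            inaccessible.append(m.group(1))
    return mounts, inaccessible


def suspicion_reasons(directory, destination):
    """Heuristics for one mount point; an empty list means it looks normal."""
    reasons = []
    if not (VOLUME_RE.match(destination) or DRIVE_RE.match(destination)):
        reasons.append("destination is not a volume or drive path")
    parts = directory.rstrip("\\").split("\\")
    if len(parts) >= 2 and parts[-1].lower() == parts[-2].lower():
        reasons.append("directory is named after its parent")
    return reasons


def triage(text):
    """Parse a Win32kDiag log and summarise the suspicious mount points."""
    mounts, inaccessible = parse_win32kdiag(text)
    suspicious = [(d, dest, suspicion_reasons(d, dest))
                  for d, dest in mounts if suspicion_reasons(d, dest)]
    return {
        "total_mount_points": len(mounts),
        "suspicious": suspicious,
        # one destination shared by every hit is the pattern seen in the log above
        "destinations": Counter(dest for _, dest, _ in suspicious),
        "inaccessible": inaccessible,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for directory, dest, reasons in report["suspicious"]:
        print(f"{directory} -> {dest}: {', '.join(reasons)}")
    print("destinations:", dict(report["destinations"]))
    print("inaccessible:", report["inaccessible"])
```

Run against the full log posted above, the `destinations` counter collapses the whole list to a single line (one device path, several dozen hits), which is the quickest way to see that the mount points are one planted set rather than unrelated junctions.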

Thomas.
2009-10-08, 22:55
Log below after applying fixes.bat:

Volume in drive C is Vista
Volume Serial Number is BA1A-CF04

Directory of C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e

11/04/2009 07:28 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

11/04/2009 07:28 592,896 netlogon.dll
1 File(s) 592,896 bytes

Directory of C:\WINDOWS\System32

21/01/2008 03:24 177,152 scecli.dll

Directory of C:\WINDOWS\System32

21/01/2008 03:24 592,384 netlogon.dll
2 File(s) 769,536 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6

02/11/2006 10:46 11,776 cngaudit.dll
1 File(s) 11,776 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

21/01/2008 03:24 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

21/01/2008 03:24 592,384 netlogon.dll
1 File(s) 592,384 bytes

Total Files Listed:
7 File(s) 2,320,896 bytes
0 Dir(s) 66,763,026,432 bytes free
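
The listing above is the output of the fixes.bat step (the batch file's contents are not shown on this page) and puts the same DLLs side by side from System32, the winsxs component store, and a pending Windows Update download of a newer version (6.0.6002.18005 against the installed 6.0.6001.18000). As an added example, not the batch file and not code from the thread, the Python below parses a constructed listing in that `dir` format, treats the winsxs copies as the reference, and flags any System32 file whose size matches none of them. The scecli.dll and netlogon.dll sizes are the ones from the post; `sample.dll` and its winsxs directory are made up so the mismatch path has something to report. Assumption: a directory's role (live, store, update) is inferred from its path alone.

```python
import re
from collections import defaultdict

# Constructed listing in the shape of the `dir` output posted above. The
# scecli.dll and netlogon.dll entries carry the sizes from the post; sample.dll
# and its winsxs directory are made up to exercise the mismatch path.
SAMPLE_LISTING = "\n".join([
    " Volume in drive C is Vista",
    "",
    r" Directory of C:\WINDOWS\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3",
    "",
    "11/04/2009 07:28 592,896 netlogon.dll",
    " 1 File(s) 592,896 bytes",
    "",
    r" Directory of C:\WINDOWS\System32",
    "",
    "21/01/2008 03:24 177,152 scecli.dll",
    "21/01/2008 03:24 592,384 netlogon.dll",
    "21/01/2008 03:24 10,240 sample.dll",
    " 3 File(s) 779,776 bytes",
    "",
    r" Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857",
    "",
    "21/01/2008 03:24 592,384 netlogon.dll",
    " 1 File(s) 592,384 bytes",
    "",
    r" Directory of C:\WINDOWS\winsxs\x86_sample-component_0000000000000000_6.0.6001.18000_none_0000000000000000",
    "",
    "21/01/2008 03:24 9,216 sample.dll",
    " 1 File(s) 9,216 bytes",
    "",
    " Total Files Listed:",
])

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# date  time  size-with-thousands-separators  name
FILE_RE = re.compile(r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2})\s+([\d,]+)\s+(\S.*?)\s*$")


def parse_dir_listing(text):
    """Map lower-cased file name -> list of copies {dir, name, size, date}."""
    copies = defaultdict(list)
    current = None
    for line in text.splitlines():
        if m := DIR_RE.match(line):
            current = m.group(1)
        elif (m := FILE_RE.match(line)) and current:
            date, time, size, name = m.groups()
            copies[name.lower()].append({
                "dir": current,
                "name": name,
                "size": int(size.replace(",", "")),
                "date": f"{date} {time}",
            })
    return copies


def directory_role(path):
    """Assumption: the role of a copy is inferred from its path alone."""
    p = path.lower()
    if p.endswith("\\system32"):
        return "live"      # the copy Windows actually loads
    if "\\winsxs\\" in p:
        return "store"     # component store reference copy
    if "\\softwaredistribution\\" in p:
        return "update"    # downloaded, not yet installed: a different version is expected
    return "other"


def find_mismatches(copies):
    """System32 files whose size matches none of their winsxs copies."""
    flagged = []
    for copies_of_one in copies.values():
        live = [c for c in copies_of_one if directory_role(c["dir"]) == "live"]
        store_sizes = sorted({c["size"] for c in copies_of_one
                              if directory_role(c["dir"]) == "store"})
        if not live or not store_sizes:
            continue   # nothing to compare against; pending updates are ignored on purpose
        for c in live:
            if c["size"] not in store_sizes:
                flagged.append((c["name"], c["size"], store_sizes))
    return flagged


if __name__ == "__main__":
    for name, size, reference in find_mismatches(parse_dir_listing(SAMPLE_LISTING)):
        print(f"{name}: System32 copy is {size} bytes, winsxs copies are {reference}")
```

Size equality is a weak check: a replaced DLL padded to the original length passes it, so treat a match as "nothing obvious" rather than "clean". The stronger follow-up is a hash or Authenticode signature comparison of the System32 file against its winsxs copy, or `sfc /scannow`, which rebuilds the live file from the store when it differs.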

Blade81
2009-10-09, 11:20
Ok. Let's continue.

Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.


Download GMER (http://www.gmer.net) here by clicking the "download exe" button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the Rootkit tab and then Scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy.
This copies the log to the clipboard.
Post the log in your reply.

Thomas.
2009-10-09, 23:51
Hi blade - the first part of the last instruction does not appear to work. When I run win32 it will not let me copy and paste into the black screen, which is what the last post indicated. Do I have to follow the earlier instruction and save as fixes.bat then copy and paste? Sorry to be a pain, just a little confused.

thanks
tom

Blade81
2009-10-09, 23:54
Hi,

You should copy-paste that text into the Run box (Start->Run, or alternatively Windows key+R to make the Run box appear).

To me it sounds like you tried to copy-paste it into command prompt window.

Thomas.
2009-10-10, 00:07
Just running the initial scan.

Could you please confirm how to disable any script blocker?

Thomas.
2009-10-10, 01:31
Win32kDiag log below:

Running from: C:\Users\Tom\Desktop\win32kdiag.exe

Log file at : C:\Users\Tom\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\AppPatch\Custom\Custom

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp\ZAP5C42.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp\ZAP5C42.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDAE5.tmp\ZAPDAE5.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDAE5.tmp\ZAPDAE5.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\temp\temp

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\assembly\tmp\tmp

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ehome\CreateDisc\style\style

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Globalization\Globalization

Found mount point : C:\Windows\Google Toolbar\Google Toolbar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Google Toolbar\Google Toolbar

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Help\Corporate\Corporate

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Help\OEM\OEM

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6215\12.0.6215

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6215\12.0.6215

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6215\12.0.6215

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6215\12.0.6215

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6215\12.0.6215

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Microsoft.NET\authman\authman

Found mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\nap\configuration\configuration

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Panther\setup.exe\setup.exe

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\PLA\Templates\Templates

Found mount point : C:\Windows\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\RegisteredPackages\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}\{3695EB93-6443-448D-8E2E-1F6F4FC79BC1}

Found mount point : C:\Windows\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\RegisteredPackages\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}\{89FDAB62-6F46-4C7E-A559-E00B9A0BACB6}

Found mount point : C:\Windows\registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\registration\CRMLog\CRMLog

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SchCache\SchCache

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\security\templates\templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-10-08 19:24:29 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl



DDS Log below:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Tom at 22:21:43.47 on 09/10/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1641 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\rpcnet.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/webhp?sourceid=navclient&hl=en-GB&ie=UTF-8
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60426
mStart Page = hxxp://www.koower.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~2\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmmoni~1.lnk - c:\program files\arcsoft\totalmedia 3.5\TMMonitor.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~2\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll,avgrsstx.dll c:\windows\system32\guard32.dll c:\windows\system32\cssdll32.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-14 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-8 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-9-14 98320]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-9-14 25104]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-9-28 142592]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-10-8 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-14 297752]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [2009-5-4 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-3-4 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [2009-3-4 32288]

=============== Created Last 30 ================

2009-10-08 01:30 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-10-08 01:30 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-10-08 01:04 <DIR> --d----- c:\programdata\is-9NC4L
2009-10-08 01:04 <DIR> --d----- c:\progra~2\is-9NC4L
2009-10-08 01:04 2,969,632 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-10-08 01:04 35,876 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-10-07 01:59 <DIR> --d----- c:\users\tom\appdata\roaming\AVG8
2009-10-07 01:57 <DIR> --d----- c:\program files\SpywareGuard
2009-10-07 01:55 <DIR> a-d----- c:\programdata\TEMP
2009-10-07 01:52 <DIR> --d----- C:\ie-spyad
2009-10-07 01:46 <DIR> --d----- c:\program files\SpywareBlaster
2009-10-07 01:33 <DIR> --d----- c:\program files\Spybot - Search & Destroy2
2009-10-06 23:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 23:54 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-06 23:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 01:03 <DIR> --d----- c:\users\tom\DoctorWeb
2009-10-04 23:57 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 22:38 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-28 16:34 <DIR> --d----- c:\program files\Crawler
2009-09-28 16:33 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-28 16:33 <DIR> --d----- c:\users\tom\appdata\roaming\Spyware Terminator
2009-09-28 16:33 <DIR> --d----- c:\programdata\Spyware Terminator
2009-09-28 16:33 <DIR> --d----- c:\progra~2\Spyware Terminator
2009-09-28 16:33 <DIR> --d----- c:\program files\Spyware Terminator
2009-09-28 16:00 <DIR> --d----- c:\users\tom\appdata\roaming\Malwarebytes
2009-09-28 16:00 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-28 16:00 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-28 13:12 <DIR> --d----- c:\users\tom\College of Law
2009-09-28 13:12 <DIR> --d----- c:\users\tom\New Folder
2009-09-14 20:42 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-14 20:42 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-14 20:42 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-14 20:42 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-14 20:42 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-14 20:42 10,240 a------- c:\windows\system32\finger.exe
2009-09-14 20:42 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-14 20:42 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-14 20:41 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-14 20:41 17,920 a------- c:\windows\system32\netevent.dll
2009-09-14 20:41 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-14 20:41 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-14 20:41 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-14 20:41 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-14 20:41 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-14 20:41 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-14 20:38 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-14 20:38 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2009-10-08 19:24 56,680 a------- c:\windows\system32\rpcnet.dll
2009-09-28 17:56 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-09-28 12:54 124 a------- c:\users\tom\appdata\roaming\wklnhst.dat
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-17 13:30 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 13:30 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 17:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 10:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-04 15:52 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-04 15:52 51,200 a------- c:\windows\inf\infpub.dat
2009-05-04 15:52 86,016 a------- c:\windows\inf\infstor.dat
2008-08-31 20:26 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 22:22:12.39 ===============


Attach Log below:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 31/08/2008 18:55:46
System Uptime: 10/09/2009 19:45:29 (699 hours ago)

Motherboard: TOSHIBA | | Satellite A300
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 118 GiB total, 61.593 GiB free.
E: is FIXED (NTFS) - 114 GiB total, 108.35 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0011
Manufacturer: Microsoft
Name: isatap.home
PNP Device ID: ROOT\*ISATAP\0011
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
ArcSoft TotalMedia 3.5
ATI Catalyst Install Manager
AutoUpdate
AVG Free 8.5
Bluetooth Stack for Windows by Toshiba
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CD/DVD Drive Acoustic Silencer
COMODO Firewall Pro
COMODO SafeSurf
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Desktop SMS
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVB-T USB DEVICE
DVD MovieFactory for TOSHIBA
ERUNT 1.1j
Google Pinyin IME
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
igLoader
Intel® Matrix Storage Manager
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
myphotobook 3.5
Nero 7 Ultra Edition
neroxml
NetWaiting
O2Micro Flash Memory Card Reader Driver (x86)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Encoder (KB954156)
Skins
Spybot - Search & Destroy
Spyware Terminator
SpywareBlaster 4.2
SpywareGuard v2.2
Synaptics Pointing Device Driver
The Beast Within English
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Utilities
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Total Video Player 1.03
TRDCReminder
TRORDCLauncher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.1
Windows Live installer
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver

==== End Of File ===========================


GMER to follow

Thanks, Blade
Tom

Thomas.
2009-10-10, 01:34
It appears the GMER log has too many characters, so I will post it in a few replies.

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-09 23:34:01
Windows 6.0.6001 Service Pack 1
Running: rp04c55m.exe; Driver: C:\Users\Tom\AppData\Local\Temp\kfldipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8FD3F988]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8FD40832]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8FD3FDBC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8FD3ED3E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8FD3F544]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8FD3EA98]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8FD3F39A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8FD3FB6E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8FD3E66E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x8FD3E520]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8FD404B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8FD3EF84]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8FD3F77C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x8FD3E250]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8FD3F214]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x8FD3E3C8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8FD3EBB6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8FD4026C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8FD40662]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8FD3EF1E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8FD3F108]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8FD3E962]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8FD3E830]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8FD3FEC8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateUserProcess [0x8FD40AC2]

INT 0x51 ? 871B9BF8
INT 0x51 ? 871B9BF8
INT 0x52 ? 871B9BF8
INT 0x72 ? 871B9BF8
INT 0x82 ? 871B9BF8
INT 0x92 ? 8496BBF8
INT 0xA2 ? 85730BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 34C 820CD910 4 Bytes [88, F9, D3, 8F]
.text ntkrnlpa.exe!KeSetTimerEx + 370 820CD934 8 Bytes [32, 08, D4, 8F, BC, FD, D3, ...]
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 820CD9B8 4 Bytes [3E, ED, D3, 8F]
.text ntkrnlpa.exe!KeSetTimerEx + 40C 820CD9D0 4 Bytes [44, F5, D3, 8F]
.text ntkrnlpa.exe!KeSetTimerEx + 438 820CD9FC 4 Bytes JMP 91718FD3
.text ...
? System32\Drivers\spyn.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8F5AC46F 5 Bytes JMP 871B91D8
.text as2uqv3a.SYS 8F93D000 22 Bytes [26, 52, 3D, 82, 10, 51, 3D, ...]
.text as2uqv3a.SYS 8F93D017 83 Bytes [00, 32, 97, 79, 80, 3D, 95, ...]
.text as2uqv3a.SYS 8F93D06B 61 Bytes [82, 30, 8C, 06, 82, D8, 88, ...]
.text as2uqv3a.SYS 8F93D0A9 35 Bytes [80, 06, 82, A0, 77, 06, 82, ...]
.text as2uqv3a.SYS 8F93D0CE 10 Bytes [00, 00, 00, 00, 00, 00, F1, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; INT1 ; AAM 0x83; DEC EAX}
.text ...

Thomas.
2009-10-10, 01:37
GMER cont.

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[400] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[400] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[400] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[400] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[400] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[400] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[400] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[400] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[400] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[400] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[640] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[640] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[640] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[640] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[640] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[640] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[640] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[640] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[696] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[696] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[696] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[696] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[696] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[696] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[696] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[696] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[696] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[696] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[744] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[744] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[744] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[744] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[744] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[744] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[744] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[744] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[744] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[744] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[760] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[760] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[760] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[760] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[760] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[760] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[760] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[760] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[760] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[760] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[840] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[840] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[840] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[840] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll

Thomas.
2009-10-10, 01:38
GMER Cont../

.text C:\Program Files\Windows Defender\MSASCui.exe[2816] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2816] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2816] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2816] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2816] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2816] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2816] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[2816] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2832] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2832] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2832] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2832] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2832] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2832] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2832] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2832] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2832] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2832] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2900] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 001A55C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2900] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 001A5690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2900] USER32.dll!mouse_event 77E01305 5 Bytes JMP 001A16D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2900] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 001A5250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2900] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 001A1550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2900] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 001A1860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2900] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 001A1230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2900] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 001A13C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2900] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 001A50E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2900] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 001A4F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2912] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2912] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2912] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2912] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2912] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2912] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2912] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2912] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2912] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[2912] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2980] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2980] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2980] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2980] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2980] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2980] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2980] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2980] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2980] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2980] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgtray.exe[2988] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgtray.exe[2988] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgtray.exe[2988] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgtray.exe[2988] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgtray.exe[2988] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgtray.exe[2988] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgtray.exe[2988] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgtray.exe[2988] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgtray.exe[2988] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgtray.exe[2988] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3044] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3044] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3044] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3044] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3044] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3044] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3044] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3044] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3044] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[3044] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[3060] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[3060] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[3060] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[3060] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[3060] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[3060] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[3060] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[3060] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[3060] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[3060] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\TODDSrv.exe[3152] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\TODDSrv.exe[3152] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\TODDSrv.exe[3152] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\TODDSrv.exe[3152] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\TODDSrv.exe[3152] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\TODDSrv.exe[3152] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\TODDSrv.exe[3152] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\TODDSrv.exe[3152] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\TODDSrv.exe[3152] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\TODDSrv.exe[3152] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3192] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3192] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3192] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3192] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3192] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3192] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3192] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3192] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3192] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3192] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3216] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 003955C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3216] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 00395690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3216] USER32.dll!mouse_event 77E01305 5 Bytes JMP 003916D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3216] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 00395250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3216] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 00391550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3216] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 00391860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3216] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 00391230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3216] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 003913C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3216] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 003950E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[3216] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 00394F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3264] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3264] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3264] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3264] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3264] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3264] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3264] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3264] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3264] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[3264] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[3380] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[3380] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[3380] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[3380] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[3380] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[3380] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[3380] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[3380] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[3380] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Sidebar\sidebar.exe[3380] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3408] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3408] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3408] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3408] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3408] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3408] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3408] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3408] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3408] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[3408] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3424] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3424] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3424] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3424] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3424] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3424] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3424] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3424] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3424] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3424] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehtray.exe[3460] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehtray.exe[3460] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehtray.exe[3460] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehtray.exe[3460] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehtray.exe[3460] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehtray.exe[3460] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehtray.exe[3460] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehtray.exe[3460] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehtray.exe[3460] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehtray.exe[3460] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\DRIVERS\xaudio.exe[3468] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\DRIVERS\xaudio.exe[3468] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\DRIVERS\xaudio.exe[3468] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\DRIVERS\xaudio.exe[3468] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\DRIVERS\xaudio.exe[3468] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\DRIVERS\xaudio.exe[3468] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\DRIVERS\xaudio.exe[3468] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\DRIVERS\xaudio.exe[3468] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\DRIVERS\xaudio.exe[3468] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\DRIVERS\xaudio.exe[3468] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3476] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3476] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3476] kernel32.dll!SetUnhandledExceptionFilter 764B6E2D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3476] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3476] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3476] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3476] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3476] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3476] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3476] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3476] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3496] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 003455C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3496] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 00345690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3496] USER32.dll!mouse_event 77E01305 5 Bytes JMP 003416D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3496] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 00345250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3496] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 00341550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3496] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 00341860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3496] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 00341230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3496] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 003413C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3496] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 003450E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3496] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 00344F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3504] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3504] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3504] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3504] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3504] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3504] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3504] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3504] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3504] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3504] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[3564] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[3564] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[3564] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[3564] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[3564] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[3564] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[3564] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[3564] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[3564] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[3564] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe[3576] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe[3576] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe[3576] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe[3576] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe[3576] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe[3576] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe[3576] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe[3576] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe[3576] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe[3576] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[3592] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 019355C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[3592] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 01935690 C:\Windows\system32\guard32.dll
.text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[3592] USER32.dll!mouse_event 77E01305 5 Bytes JMP 019316D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[3592] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 01935250 C:\Windows\system32\guard32.dll
.text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[3592] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 01931550 C:\Windows\system32\guard32.dll
.text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[3592] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 01931860 C:\Windows\system32\guard32.dll
.text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[3592] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 01931230 C:\Windows\system32\guard32.dll
.text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[3592] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 019313C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[3592] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 019350E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe[3592] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 01934F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3620] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3620] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll

Thomas.
2009-10-10, 01:38
GMER cont...

.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3620] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3620] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3620] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3620] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3620] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3620] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3620] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3620] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3636] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3636] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3636] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3636] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3636] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3636] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3636] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3636] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3636] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[3636] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgmain.exe[3660] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgmain.exe[3660] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgmain.exe[3660] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgmain.exe[3660] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgmain.exe[3660] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgmain.exe[3660] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgmain.exe[3660] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgmain.exe[3660] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgmain.exe[3660] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgmain.exe[3660] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehmsas.exe[3684] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehmsas.exe[3684] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehmsas.exe[3684] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehmsas.exe[3684] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehmsas.exe[3684] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehmsas.exe[3684] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehmsas.exe[3684] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehmsas.exe[3684] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehmsas.exe[3684] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehmsas.exe[3684] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\unsecapp.exe[4188] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\unsecapp.exe[4188] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\unsecapp.exe[4188] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\unsecapp.exe[4188] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\unsecapp.exe[4188] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\unsecapp.exe[4188] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\unsecapp.exe[4188] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\unsecapp.exe[4188] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\unsecapp.exe[4188] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\unsecapp.exe[4188] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgbhp.exe[4364] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgbhp.exe[4364] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgbhp.exe[4364] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgbhp.exe[4364] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgbhp.exe[4364] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgbhp.exe[4364] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgbhp.exe[4364] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgbhp.exe[4364] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgbhp.exe[4364] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\SpywareGuard\sgbhp.exe[4364] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4524] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4524] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4524] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4524] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4524] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4524] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4524] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4524] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4524] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4524] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[4576] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[4576] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[4576] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[4576] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[4576] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[4576] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[4576] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[4576] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[4576] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[4576] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Users\Tom\Desktop\rp04c55m.exe[5032] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Users\Tom\Desktop\rp04c55m.exe[5032] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Users\Tom\Desktop\rp04c55m.exe[5032] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Users\Tom\Desktop\rp04c55m.exe[5032] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Users\Tom\Desktop\rp04c55m.exe[5032] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Users\Tom\Desktop\rp04c55m.exe[5032] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Users\Tom\Desktop\rp04c55m.exe[5032] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Users\Tom\Desktop\rp04c55m.exe[5032] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Users\Tom\Desktop\rp04c55m.exe[5032] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Users\Tom\Desktop\rp04c55m.exe[5032] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5724] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5724] ntdll.dll!NtClose 77C67F48 5 Bytes JMP 10005690 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5724] USER32.dll!mouse_event 77E01305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5724] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5724] USER32.dll!keybd_event 77E2D93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5724] GDI32.dll!BitBlt 779E6CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5724] GDI32.dll!CreateDCA 779EAC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5724] GDI32.dll!CreateDCW 779EADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5724] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5724] ole32.dll!CoCreateInstanceEx 77B0E1CB 5 Bytes JMP 10004F60 C:\Windows\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806906D2] \SystemRoot\System32\Drivers\spyn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80690040] \SystemRoot\System32\Drivers\spyn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806907FC] \SystemRoot\System32\Drivers\spyn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806900BE] \SystemRoot\System32\Drivers\spyn.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069013C] \SystemRoot\System32\Drivers\spyn.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A0048] \SystemRoot\System32\Drivers\spyn.sys
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortNotification] 39368B60
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortWritePortUchar] 7589084E
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortWritePortUlong] 0F0975F4
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 3B2E53B6
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 3E722056
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortGetScatterGatherList] E9753E39
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortReadPortUchar] 8BF87D8B
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortStallExecution] 93D00835
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortGetParentBusType] B9D08A8F
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortRequestCallback] [8F962F20] \SystemRoot\System32\Drivers\as2uqv3a.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 7D80D6FF
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 6A7400FF
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortCompleteRequest] 8B085F8D
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortMoveMemory] 0C15FFCB
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 8D8F93D0
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 000ABC8F
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00398300
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortReadPortUshort] D08A2D74
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D6FFCB8B
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortInitialize] 00FF45C6
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortGetDeviceBase] B60F36EB
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortDeviceStateChange] C9692E4B

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 857331F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8496D1F8
Device \Driver\sptd \Device\2550388969 spyn.sys
Device \Driver\usbuhci \Device\USBPDO-0 872791F8
Device \Driver\usbuhci \Device\USBPDO-1 872791F8
Device \Driver\usbehci \Device\USBPDO-2 8727A1F8
Device \Driver\usbuhci \Device\USBPDO-3 872791F8
Device \Driver\PCI_PNP4955 \Device\00000060 spyn.sys
Device \Driver\usbuhci \Device\USBPDO-4 872791F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 872791F8
Device \Driver\usbehci \Device\USBPDO-6 8727A1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{0881058F-924E-438A-B69E-983F7B374D43} 901481F8
Device \Driver\volmgr \Device\HarddiskVolume1 8496D1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8496D1F8
Device \Driver\cdrom \Device\CdRom0 873501F8
Device \Driver\volmgr \Device\HarddiskVolume3 8496D1F8
Device \Driver\cdrom \Device\CdRom1 873501F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 857311F8
Device \Driver\iaStor \Device\Ide\iaStor0 [826CF580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort0 857311F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [826CF580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section]
Device \Driver\cdrom \Device\CdRom2 873501F8
Device \Driver\cdrom \Device\CdRom3 873501F8
Device \Driver\cdrom \Device\CdRom4 873501F8
Device \Driver\netbt \Device\NetBt_Wins_Export 901481F8
Device \Driver\Smb \Device\NetbiosSmb 9011C1F8
Device \Driver\iScsiPrt \Device\RaidPort0 8737E1F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 872791F8
Device \Driver\usbuhci \Device\USBFDO-1 872791F8
Device \Driver\usbehci \Device\USBFDO-2 8727A1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{16714085-A6E4-4E3B-87FB-41CDB15024B4} 901481F8
Device \Driver\usbuhci \Device\USBFDO-3 872791F8
Device \Driver\usbuhci \Device\USBFDO-4 872791F8
Device \Driver\usbuhci \Device\USBFDO-5 872791F8
Device \Driver\usbehci \Device\USBFDO-6 8727A1F8
Device \Driver\as2uqv3a \Device\Scsi\as2uqv3a1Port4Path0Target1Lun0 8737A1F8
Device \Driver\as2uqv3a \Device\Scsi\as2uqv3a1 8737A1F8
Device \Driver\as2uqv3a \Device\Scsi\as2uqv3a1Port4Path0Target3Lun0 8737A1F8
Device \Driver\as2uqv3a \Device\Scsi\as2uqv3a1Port4Path0Target0Lun0 8737A1F8
Device \Driver\as2uqv3a \Device\Scsi\as2uqv3a1Port4Path0Target2Lun0 8737A1F8
Device \FileSystem\cdfs \Cdfs 947AB1F8
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program Files\COMODO\Firewall\cfp.exe [3068] 0x02710000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 32378
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB8 0x96 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x13 0x5B 0xCC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAB 0xA1 0x77 0x11 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0x4A 0xE7 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC8 0x6F 0xD8 0x46 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xA8 0x51 0xE9 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x7C 0x31 0x64 0xDB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB8 0x96 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x13 0x5B 0xCC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAB 0xA1 0x77 0x11 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0x4A 0xE7 0x93 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC8 0x6F 0xD8 0x46 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xA8 0x51 0xE9 0x32 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x7C 0x31 0x64 0xDB ...

---- EOF - GMER 1.0.15 ----
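
As an added aid to reading the hook sections of the log above (example code written for this page, not part of GMER or of anyone's post in the thread), the Python script below parses the ".text" (user-mode inline hook) and "IAT" (kernel import-table hook) line formats exactly as GMER prints them and groups the hooks by the module GMER attributes the hook target to. The embedded sample lines are copied from the log above; lines where GMER prints only a bare address and no module (as in several as2uqv3a.SYS entries) are reported as unresolved. Names such as parse_gmer and summarize are this example's own.

```python
"""Summarise a GMER hook listing by the module that owns each hook.

Added example for reading the GMER log in this thread; not GMER's own code.
It reads the ".text" (user-mode inline hook) and "IAT" (kernel import table
hook) line formats as they appear in the log and groups them by owner module.
"""
import re
from collections import defaultdict

# ".text <process>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> [<owner path>]"
# Lines with a different patch form (e.g. raw patch bytes) are skipped.
INLINE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>[^!\s]+)!(?P<func>\S+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<size>\d+) Bytes (?P<kind>JMP|CALL) (?P<target>[0-9A-Fa-f]+)"
    r"(?: (?P<owner>\S.*?))?$"
)

# "IAT <driver>[<import module>!<import>] [<target>] <owner path> (<description>)"
# or, when GMER cannot map the target to any module, just a bare hex value.
IAT_RE = re.compile(
    r"^IAT (?P<driver>\S+)\[(?P<mod>[^!\]]+)!(?P<func>[^\]]+)\] "
    r"(?:\[(?P<target>[0-9A-Fa-f]+)\] (?P<owner>.+?)(?: \((?P<desc>[^)]*)\))?"
    r"|(?P<raw>[0-9A-Fa-f]+))$"
)

# Constructed sample: a handful of lines copied verbatim from the log above.
SAMPLE_LOG = r"""
.text C:\Windows\ehome\ehmsas.exe[3684] ntdll.dll!LdrUnloadDll 77C4E89C 7 Bytes JMP 100055C0 C:\Windows\system32\guard32.dll
.text C:\Windows\ehome\ehmsas.exe[3684] USER32.dll!EndTask 77E1ACCF 5 Bytes JMP 10005250 C:\Windows\system32\guard32.dll
.text C:\Users\Tom\Desktop\rp04c55m.exe[5032] ole32.dll!CoGetClassObject 77AF6120 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806906D2] \SystemRoot\System32\Drivers\spyn.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A0048] \SystemRoot\System32\Drivers\spyn.sys
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortNotification] 39368B60
IAT \SystemRoot\System32\Drivers\as2uqv3a.SYS[ataport.SYS!AtaPortRequestCallback] [8F962F20] \SystemRoot\System32\Drivers\as2uqv3a.SYS (ATAPI IDE Miniport Driver/Microsoft Corporation)
"""


def _basename(path):
    """Last component of a Windows path, lower-cased for grouping."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return one dict per recognised hook line; unknown lines are ignored."""
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        m = INLINE_RE.match(line)
        if m:
            hooks.append({
                "scope": "user",
                "subject": f"{_basename(m['proc'])}[{m['pid']}]",
                "hooked": f"{m['mod']}!{m['func']}",
                "target": m["target"],
                "owner": _basename(m["owner"]) if m["owner"] else None,
            })
            continue
        m = IAT_RE.match(line)
        if m:
            hooks.append({
                "scope": "kernel",
                "subject": _basename(m["driver"]),
                "hooked": f"{m['mod']}!{m['func']}",
                "target": m["target"] or m["raw"],
                "owner": _basename(m["owner"]) if m["owner"] else None,
            })
    return hooks


def summarize(hooks):
    """Group hooks by owner module: count, hooked processes/drivers, hooked APIs."""
    summary = defaultdict(lambda: {"count": 0, "subjects": set(), "hooked": set()})
    for h in hooks:
        entry = summary[h["owner"] or "<unresolved>"]
        entry["count"] += 1
        entry["subjects"].add(h["subject"])
        entry["hooked"].add(h["hooked"])
    return dict(summary)


def unresolved(hooks):
    """Hooks whose target GMER could not attribute to any module."""
    return [h for h in hooks if h["owner"] is None]


def report(text):
    """Human-readable summary, one owner module per block."""
    lines = []
    for owner, e in sorted(summarize(parse_gmer(text)).items()):
        lines.append(f"{owner}: {e['count']} hook(s) across {len(e['subjects'])} process/driver(s)")
        for hooked in sorted(e["hooked"]):
            lines.append(f"    {hooked}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the full log, every user-mode hook in this thread resolves to guard32.dll and the attributed kernel IAT hooks to spyn.sys, so the summary view makes it quick to see which modules are responsible before deciding whether each is a known product; the unresolved list is the part worth a second look.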

Blade81
2009-10-10, 10:23
Hi,

Uninstall COMODO SafeSurf if you didn't install it on purpose.

Get updates 8.1.3 & 8.1.6 for Adobe Reader here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following the instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). A fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 16 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows in the platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Tick the box next to YES, I accept the Terms of Use.
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic, along with a new dds.txt log & a description of any remaining problems

Thomas.
2009-10-12, 01:57
Hi Blade - apologies for delay in replying, have had a busy weekend.

ESET Online Scan Log below: the logfile located at C:\Program Files\EsetOnlineScanner\log.txt does not appear to show anything other than the 3 lines posted below, which didn't seem right to me. However, I can confirm that the scan did identify one infected item and referred to it as a variant of the Win32 Trojan.

Log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251


New DDS Log Below:


DDS (Ver_09-09-29.01) - NTFSx86
Run by Tom at 23:48:07.73 on 11/10/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1703 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\rpcnet.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/webhp?sourceid=navclient&hl=en-GB&ie=UTF-8
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60426
mStart Page = hxxp://www.koower.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~2\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\users\tom\appdata\roaming\micros~1\windows\startm~1\programs\startup\trdcre~1.lnk - c:\program files\toshiba\trdcreminder\TRDCReminder.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmmoni~1.lnk - c:\program files\arcsoft\totalmedia 3.5\TMMonitor.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~2\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll,avgrsstx.dll c:\windows\system32\guard32.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-14 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-8 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-9-14 98320]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-9-14 25104]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-9-28 142592]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-10-8 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-9-14 297752]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
S3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [2009-5-4 41120]
S3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2009-3-4 74912]
S3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [2009-3-4 32288]

=============== Created Last 30 ================

2009-10-10 14:51 <DIR> --d----- c:\program files\ESET
2009-10-10 14:41 411,368 a------- c:\windows\system32\deploytk.dll
2009-10-08 01:30 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-10-08 01:30 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-10-08 01:04 <DIR> --d----- c:\programdata\is-9NC4L
2009-10-08 01:04 <DIR> --d----- c:\progra~2\is-9NC4L
2009-10-08 01:04 2,969,632 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-10-08 01:04 35,876 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-10-07 01:59 <DIR> --d----- c:\users\tom\appdata\roaming\AVG8
2009-10-07 01:57 <DIR> --d----- c:\program files\SpywareGuard
2009-10-07 01:55 <DIR> a-d----- c:\programdata\TEMP
2009-10-07 01:52 <DIR> --d----- C:\ie-spyad
2009-10-07 01:46 <DIR> --d----- c:\program files\SpywareBlaster
2009-10-07 01:33 <DIR> --d----- c:\program files\Spybot - Search & Destroy2
2009-10-06 23:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 23:54 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-06 23:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-05 01:03 <DIR> --d----- c:\users\tom\DoctorWeb
2009-10-04 23:57 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-29 22:38 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-28 16:34 <DIR> --d----- c:\program files\Crawler
2009-09-28 16:33 142,592 a------- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-09-28 16:33 <DIR> --d----- c:\users\tom\appdata\roaming\Spyware Terminator
2009-09-28 16:33 <DIR> --d----- c:\programdata\Spyware Terminator
2009-09-28 16:33 <DIR> --d----- c:\progra~2\Spyware Terminator
2009-09-28 16:33 <DIR> --d----- c:\program files\Spyware Terminator
2009-09-28 16:00 <DIR> --d----- c:\users\tom\appdata\roaming\Malwarebytes
2009-09-28 16:00 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-28 16:00 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-28 13:12 <DIR> --d----- c:\users\tom\College of Law
2009-09-28 13:12 <DIR> --d----- c:\users\tom\New Folder
2009-09-14 20:42 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-14 20:42 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-14 20:42 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-14 20:42 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-14 20:42 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-14 20:42 10,240 a------- c:\windows\system32\finger.exe
2009-09-14 20:42 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-14 20:42 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-14 20:41 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-14 20:41 17,920 a------- c:\windows\system32\netevent.dll
2009-09-14 20:41 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-14 20:41 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-14 20:41 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-14 20:41 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-14 20:41 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-14 20:41 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-14 20:38 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-14 20:38 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

==================== Find3M ====================

2009-10-11 22:39 56,680 a------- c:\windows\system32\rpcnet.dll
2009-09-28 17:56 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-09-28 12:54 124 a------- c:\users\tom\appdata\roaming\wklnhst.dat
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-17 13:30 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 13:30 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 17:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 10:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-05-04 15:52 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-04 15:52 51,200 a------- c:\windows\inf\infpub.dat
2009-05-04 15:52 86,016 a------- c:\windows\inf\infstor.dat
2008-08-31 20:26 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 03:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 23:48:36.20 ===============

Attach Log (Wasn't sure if this was required)


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 31/08/2008 18:55:46
System Uptime: 10/11/2009 22:38:17 (-719 hours ago)

Motherboard: TOSHIBA | | Satellite A300
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | U2E1 | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 118 GiB total, 61.181 GiB free.
E: is FIXED (NTFS) - 114 GiB total, 108.35 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0011
Manufacturer: Microsoft
Name: isatap.home
PNP Device ID: ROOT\*ISATAP\0011
Service: tunnel

==== System Restore Points ===================

RP331: 05/10/2009 02:27:25 - Windows Defender Checkpoint
RP333: 06/10/2009 22:52:40 - Avg8 Update
RP335: 06/10/2009 22:54:04 - Avg8 Update
RP337: 06/10/2009 22:56:29 - Windows Update
RP339: 06/10/2009 23:41:03 - Removed AVG Free 8.5
RP341: 07/10/2009 00:18:45 - Removed AVG Free 8.5
RP343: 07/10/2009 02:03:24 - Configured AVG Free 8.5
RP345: 08/10/2009 01:29:53 - Configured AVG Free 8.5
RP347: 08/10/2009 01:34:36 - Avg8 Update
RP349: 08/10/2009 01:35:22 - Avg8 Update
RP351: 08/10/2009 20:45:56 - Windows Update
RP353: 10/10/2009 14:26:36 - Installed Adobe Reader 8.1.3
RP355: 10/10/2009 14:37:50 - Removed Java(TM) 6 Update 3
RP357: 10/10/2009 14:38:42 - Removed Java(TM) 6 Update 7
RP359: 10/10/2009 14:40:53 - Installed Java(TM) 6 Update 16

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
ArcSoft TotalMedia 3.5
ATI Catalyst Install Manager
AutoUpdate
AVG Free 8.5
Bluetooth Stack for Windows by Toshiba
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CD/DVD Drive Acoustic Silencer
COMODO Firewall Pro
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Desktop SMS
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVB-T USB DEVICE
DVD MovieFactory for TOSHIBA
ERUNT 1.1j
ESET Online Scanner v3
Google Pinyin IME
Google Toolbar for Internet Explorer
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
igLoader
Intel® Matrix Storage Manager
Java(TM) 6 Update 16
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
myphotobook 3.5
Nero 7 Ultra Edition
neroxml
NetWaiting
O2Micro Flash Memory Card Reader Driver (x86)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Media Encoder (KB954156)
Skins
Spybot - Search & Destroy
Spyware Terminator
SpywareBlaster 4.2
SpywareGuard v2.2
Synaptics Pointing Device Driver
The Beast Within English
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Utilities
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Total Video Player 1.03
TRDCReminder
TRORDCLauncher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.0.1
Windows Live installer
Windows Live Messenger
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver

==== Event Viewer Messages From Past Week ========

11/10/2009 22:38:49, Error: EventLog [6008] - The previous system shutdown at 22:36:57 on 11/10/2009 was unexpected.
10/10/2009 19:00:19, Error: EventLog [6008] - The previous system shutdown at 18:39:44 on 10/10/2009 was unexpected.
10/10/2009 17:49:02, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
10/10/2009 14:27:53, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/10/2009 14:27:53, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/10/2009 14:27:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/10/2009 14:27:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
09/10/2009 22:44:24, Error: EventLog [6008] - The previous system shutdown at 22:30:55 on 09/10/2009 was unexpected.
07/10/2009 23:57:25, Error: Service Control Manager [7024] - The AVG Free8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
07/10/2009 23:57:25, Error: Service Control Manager [7001] - The AVG Free8 E-mail Scanner service depends on the AVG Free8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
05/10/2009 01:01:31, Error: Microsoft-Windows-WPD-MTPClassDriver [15300] - MTP WPD Driver has failed to start. Error 0x80070002.
05/10/2009 00:29:07, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
04/10/2009 23:52:24, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {7160A13D-73DA-4CEA-95B9-37356478588A}. The error: "2" Happened while starting this command: C:\Windows\system32\igfxext.exe -Embedding
04/10/2009 23:52:13, Error: Service Control Manager [7000] - The TOSHIBA Bluetooth Service service failed to start due to the following error: The system cannot find the file specified.
04/10/2009 23:52:13, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================

As regards a description of any remaining problems, well, the laptop appears to be running fine. I am able to use all security software. However, as confirmed above, the Online Scan clearly suggests that there was an infected item, so I'm guessing something is still not right.

As always, many thanks for your assistance
Regards
Tom

Blade81
2009-10-12, 09:37
Hi Tom,

Download the latest version of Kaspersky Virus Removal Tool (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/)

* Close all other applications and double-click and run the installer.
* When AVPTool starts, select all the scannable items except for CD-ROM drives and click the Scan button.
* If malware is detected, don't remove anything.
* After the scan finishes, don't neutralize anything.
* In the Scan window click the Reports button and select Save to file.
* Name the report AVPT.txt, and save it to the Desktop.
* Close AVPTool.
* You will be prompted if you want to uninstall the program; click Yes.
* You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
* Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.

Thomas.
2009-10-13, 03:44
Hi Blade - report below

Scan
----
Scanned: 524619
Detected: 0
Untreated: 0
Start time: 12/10/2009 19:47:03
Duration: 04:47:57
Finish time: 13/10/2009 00:35:00


Detected
--------
Status Object
------ ------


By the way, just noticed you're from Finland and like football. I'm from Liverpool and an avid fan - Sami Hyypiä is a legend :bigthumb:

Thanks
Tom

Blade81
2009-10-13, 09:03
Looks like the scan came back clean. Do you recall what ESET detected earlier? If not, then maybe try to scan again.


By the way, just noticed you're from Finland and like football. I'm from Liverpool and an avid fan - Sami Hyypiä is a legend :bigthumb:
Yeah, too bad your team let him leave for Leverkusen :laugh:

Thomas.
2009-10-13, 14:52
Hi Blade,

The ESET scan definitely confirmed there was an infected object and, if I recall, referred to it as a variant of the winsystem32 trojan. Unfortunately, it did not log it. To be sure, I'll arrange a further scan when I get home later.

As regard to getting rid of Sami - we need him back desperately :sad:

I will revert to you just as soon as the further scan is complete.

Thanks
Tom

Blade81
2009-10-13, 19:52
Ok. Shall wait for your report :)

Thomas.
2009-10-14, 02:22
Hi Blade,

Just running the ESET report. It is reporting 1 infected file. Threat found - probably a variant of Win32/Agent Trojan.

I'll post the log when finished but presume it will be similar to the last occasion.

Thanks
Tom

Thomas.
2009-10-14, 03:04
Hi Blade,

There was one infected file. The log didn't save again; however, I was able to save my own txt file, which is posted below:

C:\Program Files\Sports Interactive\Football Manager 2009\fm91_t1.exe probably a variant of Win32/Agent trojan

Thanks
Tom

Blade81
2009-10-14, 07:25
Hi,

Is that an original copy of Football Manager 2009 you have installed there? If it is, then the finding is most likely a false positive.

Thomas.
2009-10-14, 14:34
Hi Blade,

My lad has confirmed he installed it early in the year (it's not now used and has been removed).

However, I certainly did not purchase it for him so have quizzed him as to whether it was an original copy. He assures me that it was but suggests that it was borrowed from a friend!! - In light of the apparent infection, I'm not convinced and have a worrying feeling he is not being entirely honest.

Sorry I cannot be more specific Blade - can you confirm the best way forward?

Thanks
Tom

Blade81
2009-10-14, 20:38
Hi,

If I understood right you removed it so no further action is needed.

I think it's time for the final steps if there're no other problems :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: you will lose all previous restore points, which are likely to be infected. Please note you need Administrator access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C. Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.




Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /u in the runbox and click OK



Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (free): Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen). Click Run. In the dialog box, type services.msc and hit Enter, then locate DNS Client. Highlight it, then double-click it. On the dropdown box, change the setting from Automatic to Manual. Click OK.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
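
The Internet Explorer zone settings and the DNS Client step in the post above are easier to verify than to read back from the dialog, so here is a read-only audit script. It is an added example, not something Blade81 posted or part of any tool named in the thread. It assumes the "Internet" zone is zone 3 under the HKCU Internet Settings key, that the six action IDs (1001, 1004, 1201, 1800, 1804, 1607) are Microsoft's documented URL action values for the six settings in the post, and that the DWORD values mean 0 = Enable, 1 = Prompt, 3 = Disable. It changes nothing; it only reports which settings differ from what the post recommends, and what the DNS Client service's start mode currently is.

```powershell
# Added example, not from the original thread: read-only audit of the IE
# "Internet" zone settings listed in the post and of the DNS Client start mode.
# Assumptions: zone 3 = Internet under HKCU; action IDs are Microsoft's
# documented URL action values; 0 = Enable, 1 = Prompt, 3 = Disable.

$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Target state exactly as the post describes it: Prompt (1) or Disable (3).
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                              Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                            Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe';     Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                                 Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                     Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';                  Want = 1 }
)

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneLabel([object]$Value) {
    # A missing value means IE is using its built-in default for that action.
    if ($null -eq $Value) { return 'not set (zone default)' }
    if ($Labels.ContainsKey([int]$Value)) { return $Labels[[int]$Value] }
    return "unknown ($Value)"
}

function Get-IEZoneAudit {
    foreach ($setting in $Recommended) {
        $current = (Get-ItemProperty -Path $ZoneKey -Name $setting.Id -ErrorAction SilentlyContinue).($setting.Id)
        [pscustomobject]@{
            Action      = $setting.Name
            Current     = Get-ZoneLabel $current
            Recommended = $Labels[$setting.Want]
            Compliant   = ($null -ne $current -and [int]$current -eq $setting.Want)
        }
    }
}

function Get-DnsClientStartMode {
    # Get-WmiObject is available on Vista-era PowerShell; StartMode is Auto, Manual or Disabled.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='Dnscache'"
    if ($null -eq $svc) { return 'DNS Client service not found' }
    return $svc.StartMode
}

Get-IEZoneAudit | Format-Table -AutoSize
"DNS Client start mode: $(Get-DnsClientStartMode) (the post suggests Manual only if the large MVPS hosts file is installed)"
```

Run it from a normal (non-elevated) PowerShell prompt, since the zone settings audited here live under the current user's hive; a row with Compliant = False is one the dialog steps above have not yet been applied to. The DNS Client line is there because the post's hosts-file advice only matters if the service is switched to Manual, and it is worth confirming that setting was not changed unintentionally on a machine that does not use the hosts file.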

Thomas.
2009-10-14, 22:49
Hi Blade

Correct, FM has been uninstalled, so good to go.

Just noticed one of your instructions:
"Now let's uninstall ComboFix:"

I don't think we have used ComboFix, or I don't recall installing that. Should we have?

Just wondering

Thanks
Tom

Blade81
2009-10-15, 07:27
I don't think we have used ComboFix, or I don't recall installing that. Should we have?
My mistake there :slap: Skip over that step :)

Thomas.
2009-10-19, 00:25
Hi Blade,

Hope you're well.

Computer running fine now; thanks for all your help and assistance. Absolute gem.

Thanks and Best Regards,
Tom

Blade81
2009-10-19, 08:44
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.