Here's the gmerrek.txt:-
GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-03-25 15:31:02
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB5B11C2E]
SSDT 8AA2D058 ZwAlertResumeThread
SSDT 8A899F40 ZwAlertThread
SSDT 8A992A88 ZwAllocateVirtualMemory
SSDT 8A9A1E20 ZwConnectPort
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xB5B1184E]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB5A0FEE0]
SSDT 89A60290 ZwCreateMutant
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xB5B110FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xB5B12C94]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB5B11E14]
SSDT 8A957528 ZwCreateThread
SSDT 8A87D0C8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB5A10160]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB5A106C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xB5B10B7C]
SSDT 89A5D2D0 ZwFreeVirtualMemory
SSDT 8A91FB10 ZwImpersonateAnonymousToken
SSDT 8A6DC058 ZwImpersonateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xB5B12934]
SSDT 8A73C3D0 ZwMapViewOfSection
SSDT 8A802A68 ZwOpenEvent
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xB5B11A58]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenProcess [0xB5B108C6]
SSDT 8AA056B8 ZwOpenProcessToken
SSDT 8A917230 ZwOpenSection
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenThread [0xB5B10A24]
SSDT 899FE280 ZwOpenThreadToken
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xB5B12792]
SSDT 8A8CBB38 ZwResumeThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xB5B113CE]
SSDT 8A817C10 ZwSetContextThread
SSDT 8A845920 ZwSetInformationProcess
SSDT 8A920FC0 ZwSetInformationThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xB5B12AD4]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB5A10910]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xB5B11580]
SSDT 89A03248 ZwSuspendProcess
SSDT 8A985228 ZwSuspendThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xB5B115E6]
SSDT 8A8E5D50 ZwTerminateProcess
SSDT 8A808AB0 ZwTerminateThread
SSDT 8A8B5BC8 ZwUnmapViewOfSection
SSDT 8A848DA8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.14 ----
.text TUKERNEL.EXE!ZwYieldExecution + A2 804E48DC 12 Bytes [ 2E, 1C, B1, B5, 58, D0, A2, ... ]
.text TUKERNEL.EXE!ZwYieldExecution + 46A 804E4CA4 12 Bytes [ 48, 32, A0, 89, 28, 52, 98, ... ]
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[244] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[244] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[244] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[244] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[244] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[244] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[244] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[244] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[244] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[244] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe[244] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[428] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[428] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[428] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[428] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[428] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[428] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[428] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[428] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[428] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[428] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[428] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[508] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[508] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[508] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[508] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[508] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[508] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[508] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[508] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[508] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[508] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\winlogon.exe[720] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[720] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[764] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[764] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[764] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[764] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[764] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[764] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[764] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[764] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[764] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\services.exe[764] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[764] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[776] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[776] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[776] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[776] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[776] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[776] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[776] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[776] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[776] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\lsass.exe[776] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[776] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[920] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[920] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[920] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe[984] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00365050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe[984] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00364F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe[984] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00364C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe[984] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003616C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe[984] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00361540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe[984] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00361850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe[984] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00361220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe[984] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 003613B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe[984] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 44, 88 ]
.text C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe[984] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00364950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe[984] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00364AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1040] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1040] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1040] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1040] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1040] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1040] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Windows Defender\MsMpEng.exe[1080] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1120] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1120] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1120] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1120] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1120] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1120] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1120] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1152] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1152] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1152] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1152] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1152] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1152] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1152] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1152] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1152] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1152] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1152] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1252] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1252] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1252] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1252] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1252] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1324] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1324] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1324] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1324] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1324] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1324] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[1364] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[1364] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[1364] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[1364] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[1364] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[1364] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[1364] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[1364] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[1364] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[1364] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[1364] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1396] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1396] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1396] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1396] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1396] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1396] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1396] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1396] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1396] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1396] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[1396] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1552] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1552] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1552] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1552] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1552] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1552] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1552] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1552] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1552] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1584] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1584] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1584] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1584] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1584] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1584] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\Explorer.EXE[1584] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1584] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1584] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1584] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1584] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1720] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00BC5050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1720] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00BC4F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1720] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00BC1850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1720] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00BC1220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1720] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 00BC13B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1720] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ CA, 88 ]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1720] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00BC4C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1720] USER32.dll!mouse_event 7E466515 5 Bytes JMP 00BC16C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1720] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00BC1540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1720] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00BC4950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1720] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00BC4AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SwiftKit\SwiftKit.exe[1776] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SwiftKit\SwiftKit.exe[1776] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SwiftKit\SwiftKit.exe[1776] OLE32.DLL!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SwiftKit\SwiftKit.exe[1776] OLE32.DLL!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SwiftKit\SwiftKit.exe[1776] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SwiftKit\SwiftKit.exe[1776] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SwiftKit\SwiftKit.exe[1776] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SwiftKit\SwiftKit.exe[1776] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\SwiftKit\SwiftKit.exe[1776] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SwiftKit\SwiftKit.exe[1776] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\SwiftKit\SwiftKit.exe[1776] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1964] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1964] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1964] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1964] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1964] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1964] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1964] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1964] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1964] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[2008] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[2008] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[2008] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[2008] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[2008] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[2008] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\spoolsv.exe[2008] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[2008] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[2008] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[2008] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[2008] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2144] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2144] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2144] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2144] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2144] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2144] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2144] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2144] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2144] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[2144] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2144] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[2212] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[2212] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[2212] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[2212] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[2212] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[2212] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[2212] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[2212] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[2212] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[2212] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe[2212] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3320] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3320] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3320] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3320] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3320] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3320] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3320] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3320] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3320] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3320] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3320] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3468] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3468] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3468] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3468] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3468] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3468] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3468] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3468] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3468] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\alg.exe[3468] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[3468] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[3612] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[3612] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[3612] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[3612] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[3612] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[3612] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[3612] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[3612] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[3612] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[3612] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[3612] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HEMA\My Documents\My Completed Downloads\gmer\gmer.exe[3628] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HEMA\My Documents\My Completed Downloads\gmer\gmer.exe[3628] USER32.DLL!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HEMA\My Documents\My Completed Downloads\gmer\gmer.exe[3628] USER32.DLL!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HEMA\My Documents\My Completed Downloads\gmer\gmer.exe[3628] USER32.DLL!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HEMA\My Documents\My Completed Downloads\gmer\gmer.exe[3628] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HEMA\My Documents\My Completed Downloads\gmer\gmer.exe[3628] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HEMA\My Documents\My Completed Downloads\gmer\gmer.exe[3628] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HEMA\My Documents\My Completed Downloads\gmer\gmer.exe[3628] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Documents and Settings\HEMA\My Documents\My Completed Downloads\gmer\gmer.exe[3628] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HEMA\My Documents\My Completed Downloads\gmer\gmer.exe[3628] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\LocalCooling\localcooling.exe[3656] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\LocalCooling\localcooling.exe[3656] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\LocalCooling\localcooling.exe[3656] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\LocalCooling\localcooling.exe[3656] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\LocalCooling\localcooling.exe[3656] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\LocalCooling\localcooling.exe[3656] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\LocalCooling\localcooling.exe[3656] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\LocalCooling\localcooling.exe[3656] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\LocalCooling\localcooling.exe[3656] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\LocalCooling\localcooling.exe[3656] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\LocalCooling\localcooling.exe[3656] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3664] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3664] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3664] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3664] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3664] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3664] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3664] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\ctfmon.exe[3664] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3664] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3676] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3676] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3676] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3676] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3676] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3676] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3676] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3676] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3676] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3676] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[3676] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe[3692] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe[3692] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe[3692] user32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe[3692] user32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe[3692] user32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe[3692] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe[3692] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe[3692] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe[3692] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe[3692] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe[3692] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AllToTray\ALLTOTRAY.EXE[3704] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AllToTray\ALLTOTRAY.EXE[3704] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AllToTray\ALLTOTRAY.EXE[3704] user32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AllToTray\ALLTOTRAY.EXE[3704] user32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AllToTray\ALLTOTRAY.EXE[3704] user32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AllToTray\ALLTOTRAY.EXE[3704] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AllToTray\ALLTOTRAY.EXE[3704] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AllToTray\ALLTOTRAY.EXE[3704] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AllToTray\ALLTOTRAY.EXE[3704] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\AllToTray\ALLTOTRAY.EXE[3704] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AllToTray\ALLTOTRAY.EXE[3704] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3712] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3712] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3712] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3712] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3712] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3712] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3712] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3712] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3712] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3712] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3712] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Launchy\Launchy.exe[3740] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Launchy\Launchy.exe[3740] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Launchy\Launchy.exe[3740] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Launchy\Launchy.exe[3740] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Launchy\Launchy.exe[3740] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Launchy\Launchy.exe[3740] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Launchy\Launchy.exe[3740] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Launchy\Launchy.exe[3740] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Launchy\Launchy.exe[3740] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Launchy\Launchy.exe[3740] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Launchy\Launchy.exe[3740] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[5312] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[5312] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[5312] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[5312] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[5312] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[5312] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[5312] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[5312] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[5312] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[5312] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[5312] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DAP\DAP.EXE[5968] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DAP\DAP.EXE[5968] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DAP\DAP.EXE[5968] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DAP\DAP.EXE[5968] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DAP\DAP.EXE[5968] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DAP\DAP.EXE[5968] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DAP\DAP.EXE[5968] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DAP\DAP.EXE[5968] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DAP\DAP.EXE[5968] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\DAP\DAP.EXE[5968] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DAP\DAP.EXE[5968] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7428710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7428770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7428990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F7428950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F7428950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7428770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7428710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7428990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7428990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F7428950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7428770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7428710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F7428950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7428710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7428770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7428990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7428710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7428770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7428950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7428990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7428950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7428770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7428710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F7428710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F7428770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F7428990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F7428950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7428950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7428990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7428710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7428770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [01A673CC] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\PROGRA~1\Mozilla Firefox\firefox.exe[588] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01A67376] C:\PROGRA~1\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 010D0CD0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 010D09C0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 010C94C0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 010CAA00
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 010CDB70
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 010CB750
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 010CAD30
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 010CCEB0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 010CFEA0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 010CFEE0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 010D1020
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 010CFAA0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 010CDAD0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 010CC270
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 010CB400
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 010CBCF0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 010D15A0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 010CD200
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 010CD930
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 010CE560
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 010CE040
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 010CE4E0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 010CF000
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 010CE6D0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 010CB0B0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 010CC120
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 010CFFC0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 010CE180
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 010CDA70
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 010CD630
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 010CDC80
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 010D1040
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 010CDF80
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 010D12E0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 010D1280
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 010D14D0
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 010D1570
IAT C:\Program Files\DAP\DAP.EXE[5968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 010D13A0
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Ahead Software AG)
Device \Driver\Tcpip \Device\Ip sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
Device \Driver\Tcpip \Device\Tcp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
Device \Driver\Tcpip \Device\Udp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
Device \Driver\Tcpip \Device\RawIp sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST sbbotdi.sys (Speedbit Driver/SpeedBit Ltd.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Ahead Software AG)
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x6B 0x65 0x49 0x6A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- EOF - GMER 1.0.14 ----
Here's the gmeratous.txt:
GMER 1.0.14.14205 - http://www.gmer.net
Autostart scan 2008-03-25 15:32:08
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = C:\WINDOWS\system32\guard32.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice@ = "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
Automatic LiveUpdate Scheduler@ = "C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
CCALib8@ = C:\Program Files\Canon\CAL\CALMAIN.exe
ccEvtMgr@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
ccSetMgr@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
CLTNetCnService@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
cmdAgent@ = "C:\Program Files\COMODO\Firewall\cmdagent.exe"
InCDsrv@ = C:\Program Files\Ahead\InCD\InCDsrv.exe
LiveUpdate Notice@ = "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Marvell RAID@ = C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
MRUWebService@ = "C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe" -k runservice
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
VideoAcceleratorService@ = C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm
WinDefend@ = "C:\Program Files\Windows Defender\MsMpEng.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@ccApp"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
@osCheck"C:\Program Files\Norton AntiVirus\osCheck.exe" = "C:\Program Files\Norton AntiVirus\osCheck.exe"
@COMODO Firewall Pro"C:\Program Files\COMODO\Firewall\cfp.exe" -h = "C:\Program Files\COMODO\Firewall\cfp.exe" -h
@LocalCooling"C:\Program Files\LocalCooling\localcooling.exe" -s = "C:\Program Files\LocalCooling\localcooling.exe" -s
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SpybotSD TeaTimerC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
@Taskbar ShuffleC:\Program Files\Taskbar Shuffle\taskbarshuffle.exe = C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
@AllToTrayC:\Program Files\AllToTray\ALLTOTRAY.EXE = C:\Program Files\AllToTray\ALLTOTRAY.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = C:\PROGRA~1\WIFD1F~1\MpShHook.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{0561EC90-CE54-4f0c-9C55-E226110A740C} /*Haali Column Provider*/C:\WINDOWS\system32\mmfinfo.dll = C:\WINDOWS\system32\mmfinfo.dll
@{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} /*Haali Matroska Shell Property Page*/C:\WINDOWS\system32\mmfinfo.dll = C:\WINDOWS\system32\mmfinfo.dll
@{327669A0-59A7-4be9-B99E-1C9F3A57611A} /*Haali Matroska Thumbnail Extractor*/C:\WINDOWS\system32\mmfinfo.dll = C:\WINDOWS\system32\mmfinfo.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll" = "C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll"
@{950FF917-7A57-46BC-8017-59D9BF474000} /*Shell Extension for CDRW*/C:\Program Files\Ahead\InCD\incdshx.dll = C:\Program Files\Ahead\InCD\incdshx.dll
@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} /*TuneUp Shredder Shell Extension*/C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll = C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
@{44440D00-FF19-4AFC-B765-9A0970567D97} /*TuneUp Theme Extension*/%SystemRoot%\System32\uxtuneup.dll = %SystemRoot%\System32\uxtuneup.dll
@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} /*PowerISO*/C:\Program Files\PowerISO\PWRISOSH.DLL = C:\Program Files\PowerISO\PWRISOSH.DLL
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
DAP_ShredMenu@{BED4C38B-F765-45AC-8C56-613F76BBF43E} = C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NavShExt.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
DAP_ShredMenu@{BED4C38B-F765-45AC-8C56-613F76BBF43E} = C:\PROGRA~1\DAP\PRIVAC~1\DAPCTX~1.DLL
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = C:\Program Files\PowerISO\PWRISOSH.DLL
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = C:\PROGRA~1\NORTON~1\NavShExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{00011268-E188-40DF-A514-835FCD78B1BF}C:\Program Files\IEPro\iepro.dll = C:\Program Files\IEPro\iepro.dll
@{0347C33E-8762-4905-BF09-768834316C61}C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll = C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
@{053F9267-DC04-4294-A72C-58F732D338C0}C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll = C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Reader 8.0\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{6D53EC84-6AAE-4787-AEEE-F4628F01010C}C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll = C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\THE_LO~1.SCR
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BAAF050B-00F5-4CA8-B89A-8D2BC30F951F} /*1394 Connection*/ >>>
@IPAddress192.168.1.2 = 192.168.1.2
@NameServer203.94.227.70,203.94.243.70 = 203.94.227.70,203.94.243.70
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D5624540-57CD-4D16-B87F-7463683FBE3F} /*Local Area Connection 2*/ >>>
@IPAddress192.168.1.3 = 192.168.1.3
@NameServer203.94.227.70,203.94.243.70 = 203.94.227.70,203.94.243.70
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
AutorunsDisabled = AutorunsDisabled
Launchy.lnk = Launchy.lnk
---- EOF - GMER 1.0.14 ----
Here's the Malwarebytes Anti-Malware log:-
Malwarebytes' Anti-Malware 1.09
Database version: 540
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 114913
Time elapsed: 11 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
And I have updated Java and Adobe Reader.
And I need Azureus Vuze; I use it for torrenting, so I need it.