Completed the two scans. GMER ended with a popup that said "Scan Stopped!". Not sure if that is normal or not but I did not do anything to stop it.
ComboFix 10-06-06.01 - Jon 06/07/2010 19:37:09.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2569 [GMT -7:00]
Running from: c:\documents and settings\Jon\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jon\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FILE ::
"c:\windows\system32\tmp.tmp"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\tmp.tmp
.
((((((((((((((((((((((((( Files Created from 2010-05-08 to 2010-06-08 )))))))))))))))))))))))))))))))
.
2010-06-06 00:35 . 2010-04-13 00:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-05 23:47 . 2010-06-05 23:47 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-05 23:43 . 2010-06-05 23:46 -------- d-----w- c:\documents and settings\Jon\Application Data\Kuyzwe
2010-06-05 20:17 . 2010-06-05 20:17 -------- d-----w- c:\documents and settings\Jon\Application Data\SUPERAntiSpyware.com
2010-06-05 20:16 . 2010-06-05 23:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-29 02:29 . 2010-06-01 06:12 -------- d-----w- C:\AstroGeometry
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 05:46 . 2010-04-09 08:26 278288 ----a-w- c:\windows\system32\guard32.dll
2010-06-07 05:46 . 2010-04-09 08:25 87824 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-06-07 05:46 . 2010-04-09 08:25 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-06-07 05:46 . 2010-04-09 08:25 15464 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-06-07 05:46 . 2010-04-09 08:25 230360 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-06-06 00:35 . 2009-06-27 17:06 -------- d-----w- c:\program files\Java
2010-06-06 00:18 . 2009-06-27 17:06 -------- d-----w- c:\program files\Common Files\Java
2010-06-06 00:03 . 2004-08-04 06:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2010-06-05 02:28 . 2009-08-25 05:43 158528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-31 20:52 . 2009-11-02 06:19 -------- d-----w- c:\documents and settings\Jon\Application Data\Odbyzi
2010-05-26 04:53 . 2010-04-23 02:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 04:35 . 2010-04-06 14:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-22 20:31 . 2009-04-28 17:28 -------- d-----w- c:\program files\McAfee
2010-05-02 21:28 . 2010-05-02 05:04 -------- d-----w- c:\program files\Google
2010-05-02 20:23 . 2010-05-02 20:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2010-05-02 17:30 . 2010-05-02 05:04 -------- d-----w- c:\documents and settings\Jon\Application Data\Skype
2010-05-02 15:52 . 2010-05-02 05:15 -------- d-----w- c:\documents and settings\Jon\Application Data\skypePM
2010-05-02 05:15 . 2010-05-02 05:15 48 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-02 05:03 . 2010-05-02 05:03 -------- d-----r- c:\program files\Skype
2010-05-02 05:03 . 2010-05-02 05:03 -------- d-----w- c:\program files\Common Files\Skype
2010-05-02 05:03 . 2010-05-02 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-04-30 14:42 . 2010-04-30 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-04-30 14:40 . 2010-04-23 03:10 -------- d-----w- c:\program files\COMODO
2010-04-30 14:37 . 2010-04-24 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-04-30 14:36 . 2010-04-23 03:10 -------- d-----w- c:\documents and settings\Jon\Application Data\Comodo
2010-04-29 22:39 . 2010-04-23 02:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-04-23 02:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 02:35 . 2010-04-23 02:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-04-23 02:25 . 2010-04-23 02:25 -------- d-----w- c:\documents and settings\Jon\Application Data\Malwarebytes
2010-04-23 02:25 . 2010-04-23 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-17 22:44 . 2010-04-17 22:44 -------- d-----w- c:\program files\Trend Micro
2010-04-16 05:55 . 2010-04-16 04:58 -------- d-----w- c:\program files\Windows Live Safety Center
2010-04-10 04:24 . 2010-04-10 04:24 -------- d-----w- c:\program files\Support Tools
2010-04-10 04:24 . 2009-04-24 23:44 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-10 06:15 . 2004-08-04 07:56 420352 ----a-w- c:\windows\system32\vbscript.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-04-16_04.34.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-08 02:45 . 2010-06-08 02:45 16384 c:\windows\temp\Perflib_Perfdata_5ac.dat
- 2008-10-22 09:47 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47 . 2010-04-21 13:28 46080 c:\windows\system32\tzchange.exe
- 2004-08-04 06:00 . 2010-04-10 18:55 42112 c:\windows\system32\dllcache\imapi.sys
+ 2004-08-04 06:00 . 2010-06-06 00:03 42112 c:\windows\system32\dllcache\imapi.sys
+ 2010-05-02 05:11 . 2010-05-02 05:11 22528 c:\windows\Installer\8846d.msi
+ 2009-08-07 02:23 . 2009-08-07 02:23 215904 c:\windows\system32\muweb.dll
+ 2010-06-06 00:35 . 2010-04-13 00:29 153376 c:\windows\system32\javaws.exe
+ 2010-06-06 00:35 . 2010-04-13 00:29 145184 c:\windows\system32\javaw.exe
- 2009-09-12 17:14 . 2009-07-25 12:23 145184 c:\windows\system32\javaw.exe
- 2009-09-12 17:14 . 2009-07-25 12:23 145184 c:\windows\system32\java.exe
+ 2010-06-06 00:35 . 2010-04-13 00:29 145184 c:\windows\system32\java.exe
- 2009-04-24 23:42 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
+ 2009-04-24 23:42 . 2010-01-29 15:01 691712 c:\windows\system32\inetcomm.dll
- 2008-06-20 11:08 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
+ 2004-08-04 06:07 . 2010-02-11 12:02 226880 c:\windows\system32\dllcache\tcpip6.sys
- 2009-04-25 10:01 . 2008-04-11 19:04 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2009-04-25 10:01 . 2010-01-29 15:01 691712 c:\windows\system32\dllcache\inetcomm.dll
+ 2010-06-01 17:08 . 2010-06-01 17:08 348160 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2010-05-02 05:04 . 2010-05-02 05:04 700416 c:\windows\Installer\88464.msi
+ 2010-06-06 00:35 . 2010-06-06 00:35 180224 c:\windows\Installer\2ad1f8.msi
+ 2010-05-02 05:03 . 2010-05-02 05:03 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2010-06-05 19:35 . 2010-06-05 23:47 8420340 c:\windows\system32\Restore\rstrlog.dat
+ 2009-08-13 00:10 . 2010-01-29 15:01 1315328 c:\windows\system32\dllcache\msoe.dll
- 2009-08-13 00:10 . 2009-07-10 13:27 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2010-05-02 05:03 . 2010-05-02 05:03 1575936 c:\windows\Installer\8845f.msi
+ 2010-04-30 14:40 . 2010-04-30 14:40 3651072 c:\windows\Installer\1c391.msi
+ 2010-04-30 14:37 . 2010-04-30 14:37 1516544 c:\windows\Installer\1c38d.msi
+ 2009-04-27 18:02 . 2010-04-30 18:51 32058312 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-05-26 2346192]
"{33417D3A-51C4-0B08-676C-0F42AC85C204}"="c:\documents and settings\Jon\Application Data\Kuyzwe\omzun.exe" [2009-10-17 133146]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-25 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2010-05-07 642856]
"VX6000"="c:\windows\vVX6000.exe" [2009-06-27 759296]
"PSDiagnosticM"="c:\program files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [2007-09-04 315392]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-07 2039240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ubxo.exe [2010-5-20 132687]
c:\documents and settings\Jon\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mirepcmw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4/9/2010 1:25 AM 230360]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/9/2010 1:25 AM 25240]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 12:43 PM 204800]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [9/11/2009 11:39 PM 12032]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [9/11/2009 11:39 PM 39424]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/26/2009 5:21 PM 2069504]
.
Contents of the 'Scheduled Tasks' folder
2010-06-08 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-04-06 21:11]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\Jon\Application Data\Mozilla\Firefox\Profiles\7k49vc2y.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sfgate.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-06-07 19:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\windows\system32\java.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-06-07 19:53:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-08 02:53
ComboFix2.txt 2010-06-07 06:22
ComboFix3.txt 2010-04-16 04:37
Pre-Run: 60,252,954,624 bytes free
Post-Run: 60,171,567,104 bytes free
- - End Of File - - AD4898B434D9F9AEB285CFACD04D6697
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-07 20:56:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Jon\LOCALS~1\Temp\fgncrfob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB761D704]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB761CCA8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB761D36A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB761DF58]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB761CB84]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB761FFCC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB762039C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB761C56C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB761D8F0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB761DAE4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB761C35C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB761E67A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB761E8D4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB761FA4E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB761CF44]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB761D546]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB761DF48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB761BF3C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB761D1F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB761C162]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB761EAF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB761EF6E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB761ED10]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB761E492]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB761F4E2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB761F796]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB761DD20]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB761FD14]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB761E21A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB761CEDE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB761D0E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB761C982]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB761C76C]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 19A 804E49F4 4 Bytes CALL 5778015A
.text ntoskrnl.exe!ZwYieldExecution + 2F6 804E4B50 8 Bytes JMP EF6EB761
? Combo-Fix.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB99EC000, 0x1C5D58, 0xE8000020]
? C:\DOCUME~1\Jon\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[240] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[928] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 004F7CB0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 001438BA
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00143A83
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00143B2A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0013508F
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 001351D1
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00133A1B
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00133A58
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00133A7E
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0013AC94
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00134DD2
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00134E96
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00134D8A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00134E65
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00134B96
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00134BEF
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00134E16
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00134CE9
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1620] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00134C48
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] ntdll.dll!NtCreateThread 7C90D1AE 5 Bytes JMP 000838BA
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00083A83
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00083B2A
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 0007508F
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 000751D1
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00073A1B
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00073A58
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00073A7E
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] CRYPT32.dll!PFXImportCertStore 77AEFF8F 5 Bytes JMP 0007AC94
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 00074DD2
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WININET.dll!HttpQueryInfoA 3D94878D 5 Bytes JMP 00074E96
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 00074D8A
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WININET.dll!InternetQueryDataAvailable 3D94BF7F 5 Bytes JMP 00074E65
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 00074B96
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 00074BEF
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WININET.dll!InternetReadFileExA 3D963381 5 Bytes JMP 00074E16
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WININET.dll!HttpSendRequestExA 3D9BA70A 5 Bytes JMP 00074CE9
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2168] WININET.dll!HttpSendRequestExW 3D9BA763 5 Bytes JMP 00074C48
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CEC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10025DA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10025E40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10025E20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10025D60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10025C60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10025D00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10025D80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10025D40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10025CC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10025CE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10025DC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10025C80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 100234C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 1001CFE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 10025CA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10025BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10025940 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10025BE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 100259A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10025DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025E00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10025C40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10025980 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 100259E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 100259C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10025B80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10025A40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 10025BC0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10025B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10025B60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10025B40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10025A20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10025A00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10025A80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10025AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10025A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10025AA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10025B20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10025960 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10025C20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10026890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 1001F730 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 100265F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 1001FF40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10026DE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10026B00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10027420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 100258C0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 100258E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10025920 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10025900 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100278A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2332] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10027660 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jon\Desktop\gmer.exe[3132] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10025D20 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Jon\Desktop\gm<