GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-12 14:57:16
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 SAMSUNG_HD321KJ rev.CP100-11
Running: 6lylp1b5.exe; Driver: D:\DOCUME~1\Karol\USTAWI~1\Temp\pgtdqpoc.sys

---- Kernel code sections - GMER 1.0.15 ----

.text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5FC33A0, 0x8A1A15, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[392] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00533F00 D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[392] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0054D9A0 D:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0077FC60 D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F72D3750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F72D3820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F72D37F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F72D37B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F72D37B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F72D3820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F72D3750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F72D37F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F72D37F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F72D37B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F72D3820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F72D3750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F72D37B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F72D37F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F72D3750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F72D3820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F72D3750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F72D3820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F72D37B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F72D37F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F72D37B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F72D3820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F72D3750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F72D37B0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F72D37F0] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F72D3750] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F72D3820] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0065DB60] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0065E480] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0065DB60] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0065DB60] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0065DB60] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0065DB60] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0065D2C0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0065E480] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0065DB60] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0065D6C0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0065D750] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0065D260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0065DBF0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0065DCB0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [0065DEF0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [0065D580] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [0065D620] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0065DD70] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0065D2C0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0065DB60] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0065E030] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [0065D6C0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0065DD70] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [0065D260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0065D750] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0065DCB0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0065D310] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [0065E170] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0065E240] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [0065E1F0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0065DEF0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0065D510] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0065D580] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0065D400] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [0065D2C0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0065DB60] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0065DEF0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0065DD70] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [0065D260] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [0065D580] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [0065DCB0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [0065D750] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [0065DB60] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0065E480] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [0065DB60] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\USERENV.dll [USER32.dll!GetSystemMetrics] [0065DD70] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0065E610] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0065DB60] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT D:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2124] @ D:\WINDOWS\system32\CRYPT32.dll [USER32.dll!GetSystemMetrics] [0065DD70] D:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\y (*** hidden *** ) @ D:\WINDOWS\system32\svchost.exe [420] 0x020C0000
Library c:\windows\system32\y (*** hidden *** ) @ D:\WINDOWS\Explorer.EXE [1672] 0x01A50000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0xB9 0xC1 0xDE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xE4 0xB9 0xC1 0xDE ...

---- EOF - GMER 1.0.15 ----