Remove-Malware.com Forums

[123zap]

Nyy8, you have to look over the topic. I had him name it random things twice and then 123zap.com witch is an alternate way to run combofix.

[aznboi2o9]

I went in safe mode and then Clicked on Combo-fix.exe and it was successful. However a few minutes later, my computer just shut off.

A little side note: I scanned my computer with MBAM and SAS and it detected nothing.

[123zap]

This is my last automatic tool, the rest is going to be done manually if this doesn't work.

Download RootRepeal from one of the following locations and save it to your desktop:

http://ad13.geekstogo.com/RootRepeal.exe
http://download.bleepingcomputer.com/ro ... Repeal.exe
http://rootrepeal.psikotick.com/RootRepeal.exe

• Double click to start the program
• Click on the Report tab at the bottom of the program window
• Click the button
• In the Select Scan dialog, check:
  
  
  • Drivers
  • Files
  • Processes
  • SSDT
  • Stealth Objects
  • Hidden Services
  • Shadow SSDT
• Click the OK button
• In the next dialog, select all drives showing
• Click OK to start the scan
  Note: The scan can take some time. DO NOT run any other programs while the scan is running
• When the scan is complete, click the button and save the report to your Desktop as RootRepeal.txt
• Go to File, then Exit to close the program

[aznboi2o9]

Did u want me to post the report?

[123zap]

YES, it isn't automatic, I shouldn't have said that.

[aznboi2o9]

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/09/13 16:16
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xEE49D000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7AAA000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP4546
Image Path: \Driver\PCI_PNP4546
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xEBB53000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spou.sys
Image Path: spou.sys
Address: 0xF7343000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\perflib_perfdata_2a4.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\perflib_perfdata_2cc.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\drivers\sfi.dat
Status: Locked to the Windows API!

Path: \\?\C:\Program Files\COMODO\COMODO Internet Security\Quarantine\*
Status: Could not enumerate files with the Windows API (0x00000005)!


Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\netpass.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\35217071-3efc043e
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\35217071-3efc043e.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0277810.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0277810.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0277816.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0277816.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\avz_3704_1.tmp
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\avz_3704_1.tmp.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\avz_3704_1.tmp1
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\avz_3704_1.tmp1.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\braviax.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\cleanup.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\cleanup.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\cleanup.exe1
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\cleanup.exe1.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Messblack MSN Freezer.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Messblack MSN Freezer.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\msn freezer 4.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\msn freezer 4.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\MSN Phish.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\MSN Phish.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\mspass.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\mspass.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif1
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif1.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif10
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif10.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif11
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif11.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif12
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif12.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif13
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif13.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif14
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif14.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif15
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif15.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\UAC269a.tmp.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\UACisvaodfian.dll
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\UACisvaodfian.dll.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\UACkxmubiqrlp.dll
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\UACkxmubiqrlp.dll.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\UACrcaoetgthx.dll
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\UACrcaoetgthx.dll.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\UACrgkxnqqlyl.dll
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\UACrgkxnqqlyl.dll.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\VNCPassView.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\VNCPassView.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe1
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe3.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe1
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe2
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif16
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif5.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\netpass.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe16
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe5.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\PstPassword.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\WirelessKeyView.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\WirelessKeyView.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\wispex.html
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\wispex.html.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\WLM DP Emo Stealer.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\WLM DP Emo Stealer.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\wrar33b1.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\wrar33b1.exe.bak
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\wrar33b1.exe.bak.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\wrar33b1.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\zip.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\zip.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\~.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe6
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe6.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe7
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe7.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe8
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe8.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe9
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe9.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NIRCMD.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NIRCMD.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\rku37300509.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\rku37300509.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\rku37300509.exe1
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\rku37300509.exe1.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\rku37300509.exe2
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\rku37300509.exe2.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\rku37300509.exe3
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\rku37300509.exe3.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\SniffPass.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\SniffPass.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Inherit.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Inherit.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\keygen - msn sniffer.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\keygen - msn sniffer.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\krgd7kge.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\krgd7kge.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\launch.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\launch.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ls_rar_v3.x_patch.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ls_rar_v3.x_patch.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\mailpv.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\mailpv.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe1.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe10
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe10.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe11
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe11.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe12
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe12.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe13
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe13.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe14
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe15
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe15.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe16
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe16.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe17
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe17.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe18
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe18.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe19
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe19.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe2
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe2.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe20
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe20.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe21
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe21.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe3
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\dialupass.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\dialupass.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\FloodControl.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\FloodControl.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe2.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe3
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe3.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe4
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe4.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe5
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe5.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe6
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe6.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe7
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe7.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe8
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe8.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe9
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe9.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe1
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe1.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe10
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe10.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe11
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe11.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe12
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe12.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe13
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe13.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe14
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe14.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe15
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe15.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif6
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif6.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif7
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif7.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif8
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif8.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif9
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\n.pif9.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Password finder.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Password finder.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\PstPassword.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\IEDFix.C.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\IEDFix.C.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe4
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe4.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe5
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe5.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe6
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe6.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe7
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe7.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe8
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe8.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe9
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe9.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe16.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe17
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe17.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe18
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe18.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe19
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe19.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe2
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe2.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe20
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe20.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe21
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe21.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe22
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe22.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe23
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe23.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe24
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe24.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe3
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe3.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe4
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe4.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\NirCmd.cfxxe5
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe1.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe10
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe10.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe11
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe11.info
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe12
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe13
Status: Invisible to the Windows API!

Path: C:\Program Files\COMODO\COMODO Internet Security\Quarantine\iexplore.exe13.infoSStealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8596e1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x859dc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x859dc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x859dc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x859dc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x859dc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x859dc1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x859dc1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x857c41f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x857c41f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x857c41f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x857c41f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x857c41f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x857c41f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x857c41f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x859701f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x859701f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x859701f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x859701f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x859701f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x859701f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x859701f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x859701f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x859701f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x859701f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x859701f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x857061f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x857061f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x857061f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x857061f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x857061f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x857061f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x857691f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x857691f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x857691f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x857691f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x857691f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x857691f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x857691f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x853e4500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x853e4500 Size: 121

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69a28a

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69a9ae

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69a3be

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69a86e

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69a4fe

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69a632

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69a10a

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69935c

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee699dda

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69a76c

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee699b48

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee699c8a

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69982c

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee699094

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee6994de

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69968a

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee699f2a

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee6999ee

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69a020

#: 529 Function Name: NtUserSetParent
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee699204

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69aa14

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\windows\System32\DRIVERS\cmdguard.sys" at address 0xee69ac48

==EOF==

[123zap]

I have to think.

While you are waiting for me, you can redownload DR. Web and scan again.

[Dieselman]

LOL 123.......................your getting a workout. Nuke the drive and format "C".

[123zap]

Here is the catch Dieselman, I am worried there is a hardware issue. If I nuke his hard drive and he still can't run the CD then what? If you can confirm that I will allow him to reformat, it will still be up to him until I have tried everything, but yes, I am feeling wiped. He has the worst infection on the market.

[123zap]

WAIT, I think I see the rootkits. I didn't pay enough attention to the OTL log. I think I can get a go on this instead of treading water.

Let me know what you think though. If you want to continue, post a new OTL log.