
google hijacked?


  • This topic is locked
19 replies to this topic

#1 janny53

janny53

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:19 PM

Posted 27 December 2008 - 09:17 AM

Hi
I believe Google has been hijacked as it does not give me the search results asked for but sends me to other collections of search results. I have followed the instructions on this forum and here are my results. I am hopeful someone will be able to explain, in such terms a novice can understand, how to get things back to normal for me. If I have not done something I should have, I apologise but will try to correct it if I am told how to. I use Firefox as my main browser and have McAfee.
Many thanks in advance

Jan


DDS (Version 1.1.0) - NTFSx86
Run by Jan Smith at 14:06:37.10 on 27/12/2008
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.161 [GMT 0:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Jan Smith\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.jansfloridavilla.co.uk/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://uk.yahoo.com
mDefault_Search_URL = hxxp://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
mSearch Page = hxxp://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
mStart Page = hxxp://uk.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6253\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
BHO: EWPP - No File
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6253\SiteAdv.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: AIM Search: {40d41a8b-d79b-43d7-99a7-9ee0f344c385} - c:\program files\aim toolbar\AIMBar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EPSON Stylus DX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /M "Stylus DX4200" /EF "HKCU"
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AdwareAlert] c:\program files\adwarealert\AdwareAlert.exe -boot
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SiteAdvisor] c:\program files\siteadvisor\6172\SiteAdv.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &AIM Search - c:\program files\aim toolbar\AIMBar.dll/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: LimeShop Preferences - file://c:\program files\limeshop\system\temp\limeshop_script0.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6253\SiteAdv.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = :\windows\system32\srrst

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jansmi~1\applic~1\mozilla\firefox\profiles\2ictdgzt.jan\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.Jansfloridavilla.co.uk
FF - component: c:\program files\siteadvisor\6253\ff\components\FFHook.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgooglevlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll
FF - plugin: c:\windows\system32\photosynth\nppsynth.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-7-20 207656]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-8-1 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-7-20 144704]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-10-22 24652]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-7-20 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-7-20 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-7-20 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-7-20 40488]
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 ambitucm;Ambit USB Cable Modem NDIS Driver;c:\windows\system32\drivers\ambitucm.sys [2003-8-27 14974]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\Brfilt.sys [2005-2-1 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2005-2-1 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2005-2-1 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2005-2-1 10368]
S3 DCamUSBUVT;ICM532A;c:\windows\system32\drivers\usbuvt.sys [2004-5-15 95232]
S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-7-28 31592]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-7-20 34152]

=============== Created Last 30 ================

2008-12-27 12:50 <DIR> --d----- c:\program files\Trend Micro
2008-12-27 12:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-27 12:08 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-27 12:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-12-27 11:05 <DIR> --d----- c:\docume~1\jansmi~1\applic~1\AdwareAlert
2008-12-27 11:05 <DIR> --d----- c:\program files\AdwareAlert
2008-12-27 09:45 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-27 09:45 <DIR> --d----- c:\docume~1\jansmi~1\applic~1\SUPERAntiSpyware.com

==================== Find3M ====================

2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-17 20:04 2,306,113 a------- c:\windows\system32\GPhotos.scr
2008-10-28 15:08 155,694 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2008-10-28 15:08 79,359 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-24 11:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 -------- c:\windows\system32\dllcache\strmdll.dll
2008-07-06 13:16 32 a----r-- c:\documents and settings\all users\hash.dat
2005-11-05 12:44 774,144 ac------ c:\program files\RngInterstitial.dll

============= FINISH: 14:08:18.64 ===============

Edited by janny53, 28 December 2008 - 04:15 AM.


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:19 PM

Posted 03 January 2009 - 10:29 PM

Hello, janny53
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • OTViewIt.txt
  • Extra.txt
  • GMER's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 janny53

janny53
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:19 PM

Posted 04 January 2009 - 05:21 AM

Hi Billy, firstly thank you so much for giving me your time. I did all you requested and when I posted I got a message saying I had used an out-of-date version of HijackThis and to run it again and post, so I have added that log too.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:26, on 04/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\AIM6\aolsoftware.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\DOCUME~1\JANSMI~1\LOCALS~1\Temp\Temporary Directory 1 for gmer(2).zip\gmer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jansfloridavilla.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /M "Stylus DX4200" /EF "HKCU"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1843048.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...003/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\SYSTEM32\bgsvcgen.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe

--
End of file - 10342 bytes




OTViewIt logfile created on: 04/01/2009 10:19:51 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Jan Smith\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 116.26 Mb Available Physical Memory | 22.80% Memory free
1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.33% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 52.44 Gb Free Space | 70.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JANSMACHINE
Current User Name: Jan Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\brsvc01a.exe
[2001/12/13 00:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\brss01a.exe
[2008/07/11 17:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
[2007/03/30 15:42:50 | 00,036,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
[2005/03/07 19:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIAEE.EXE
[2008/10/31 19:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
[2008/12/04 13:50:00 | 01,809,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[2005/04/30 17:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\SYSTEM32\bgsvcgen.exe
[2005/04/30 16:49:49 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE
[2004/02/18 17:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\E_S00RP1.EXE
[2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
[2007/10/08 21:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
[2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
[2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
[2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
[2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
[2004/04/29 16:07:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\SAgent4.exe
[2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2008/12/19 13:49:33 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/04 09:37:52 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan Smith\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/04/30 17:02:26 | 00,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\SYSTEM32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
[2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
[2005/04/30 16:49:49 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE -- (C-DillaCdaC11BA [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2004/02/18 17:03:00 | 00,065,536 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\E_S00RP1.EXE -- (EPSON_PM_RPCV2_01 [Auto | Running])
[2008/06/26 09:25:00 | 00,031,592 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
[2007/01/04 01:40:21 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/07/30 09:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
[2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
[2008/06/20 12:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
[2008/07/09 13:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
[2008/06/20 04:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
[2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
[2008/07/09 16:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService [Auto | Running])
[2003/03/21 15:32:42 | 02,138,183 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService [Auto | Stopped])
[2004/04/29 16:07:00 | 00,122,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\SYSTEM32\SAgent4.exe -- (StatusAgent4 [Auto | Running])
[2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Disabled | Stopped])
[2001/11/12 05:40:02 | 00,014,974 | R--- | M] (Ambit Microsystems Corp) -- C:\WINDOWS\SYSTEM32\DRIVERS\ambitucm.sys -- (ambitucm [On_Demand | Stopped])
[2008/04/13 18:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
[2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Disabled | Stopped])
[2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Disabled | Stopped])
[2003/05/23 11:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2001/08/17 13:12:12 | 00,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\BrFilt.sys -- (brfilt [On_Demand | Stopped])
[2003/03/14 00:04:20 | 00,061,952 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\BrSerWdm.sys -- (BrSerWDM [On_Demand | Stopped])
[2001/08/17 13:12:20 | 00,011,008 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbMdm.sys -- (BrUsbMdm [On_Demand | Stopped])
[2001/08/17 13:12:22 | 00,010,368 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\BrUsbScn.sys -- (BrUsbScn [On_Demand | Stopped])
[2005/04/30 16:49:44 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\CdaC15BA.SYS -- (CdaC15BA [Auto | Running])
[2006/10/05 02:42:42 | 00,002,432 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2006/10/05 02:42:42 | 00,002,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Disabled | Stopped])
[2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Disabled | Stopped])
[2002/07/10 20:13:00 | 00,095,232 | ---- | M] (IC Media Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbuvt.sys -- (DCamUSBUVT [On_Demand | Stopped])
[2004/08/04 02:21:00 | 00,087,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/08/13 01:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm [Auto | Running])
[2001/08/17 11:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC [On_Demand | Stopped])
[2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2002/10/29 15:38:10 | 00,170,499 | ---- | M] (Conexant Systems) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2002/10/29 15:37:36 | 01,175,536 | ---- | M] (Conexant Systems) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2004/08/04 05:29:36 | 00,161,020 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x [On_Demand | Stopped])
[2004/08/04 05:29:37 | 00,012,415 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0 [On_Demand | Stopped])
[2004/08/04 05:29:37 | 00,012,127 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1 [On_Demand | Stopped])
[2004/08/04 05:29:37 | 00,011,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2 [On_Demand | Stopped])
[2004/08/04 05:29:47 | 00,012,063 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3 [On_Demand | Stopped])
[2004/08/04 05:29:49 | 00,019,455 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4 [On_Demand | Stopped])
[2004/08/04 05:29:41 | 00,029,311 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0 [On_Demand | Stopped])
[2004/08/04 05:29:42 | 00,019,551 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1 [On_Demand | Stopped])
[2004/08/04 05:29:43 | 00,033,599 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3 [On_Demand | Stopped])
[2004/08/04 05:29:45 | 00,023,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4 [On_Demand | Stopped])
[2005/10/19 07:59:12 | 00,807,998 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/04/13 18:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\kbdhid.sys -- (kbdhid [System | Running])
[2002/10/07 08:29:48 | 00,011,027 | ---- | M] (Conexant) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/04/13 18:36:41 | 00,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\mf.sys -- (mf [On_Demand | Stopped])
[2008/06/27 05:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
[2008/06/27 05:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk [On_Demand | Running])
[2008/06/27 05:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk [System | Running])
[2008/06/20 04:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk [On_Demand | Running])
[2008/06/27 05:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
[2008/06/02 13:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys -- (MPFP [System | Running])
[2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Disabled | Stopped])
[2004/08/04 05:29:54 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2002/11/08 12:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2002/08/29 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2008/04/07 23:16:45 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Disabled | Stopped])
[2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Disabled | Stopped])
[2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Disabled | Stopped])
[2008/12/04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/12/04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/12/04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 10:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 18:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
[2003/02/28 08:17:18 | 00,545,024 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys -- (smwdm [On_Demand | Running])
[2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Disabled | Stopped])
[2004/07/14 10:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/07/14 10:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln [System | Running])
[2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Disabled | Stopped])
[2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Disabled | Stopped])
[2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Disabled | Stopped])
[2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Disabled | Stopped])
[2003/03/21 15:23:04 | 00,086,896 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Teefer.sys -- (Teefer [Boot | Running])
[2004/08/13 00:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/08/13 00:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/08/13 00:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/08/13 00:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/08/13 00:05:00 | 00,086,202 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/08/13 00:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/08/13 00:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/08/13 00:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/08/13 00:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Disabled | Stopped])
[2008/04/13 18:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
[2008/04/13 18:45:36 | 00,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
[2002/01/07 12:29:40 | 00,008,023 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wg3n.sys -- (wg3n [Auto | Running])
[2002/10/29 15:31:28 | 00,604,240 | ---- | M] (Conexant Systems) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2003/03/21 15:24:54 | 00,015,360 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wpsdrvnt.sys -- (wpsdrvnt [System | Running])
[2002/08/29 04:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [System | Running])
[2003/04/15 09:40:54 | 00,113,504 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped])
[2003/04/15 09:40:46 | 00,078,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://uk.yahoo.com
"Default_Search_URL"=http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Search Page"=http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
"Secondary Start Pages"=
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://uk.yahoo.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Page_Transitions"=
"Search Page"=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
"SearchDefaultBranded"=
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.jansfloridavilla.co.uk/

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"AutoSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/saautosearch.aspx
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (732 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{089FD14D-132B-48FC-8861-0048AE113215} (HKLM) -- C:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (HKLM) -- C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (HKLM) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" (HKLM) -- C:\Program Files\SiteAdvisor\6253\SiteAdv.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" (HKLM) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{40D41A8B-D79B-43D7-99A7-9EE0F344C385}" (HKLM) -- C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" (HKLM) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
"SiteAdvisor"=C:\Program Files\SiteAdvisor\6172\SiteAdv.exe (McAfee, Inc.)
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe /boot (Simply Super Software)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"EPSON Stylus DX4200 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /M "Stylus DX4200" /EF "HKCU" (SEIKO EPSON CORPORATION)
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&AIM Search: C:\Program Files\AIM Toolbar\AIMBar.dll [2005/05/29 08:55:42 | 00,172,032 | ---- | M] (America Online, Inc)
Add to Google Photos Screensa&ver: C:\WINDOWS\SYSTEM32\GPhotos.scr [2008/11/17 20:04:25 | 02,306,113 | ---- | M] (Google Inc.)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/06/09 13:39:38 | 00,552,960 | ---- | M] ()
LimeShop Preferences: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [2007/07/12 03:00:35 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}: Button: AIM -- %ProgramFiles%\AIM\aim.exe [2004/08/10 15:37:28 | 00,061,440 | ---- | M] (America Online, Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\ClsidExtension [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
: msn in My Computer
23 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{1230CB21-C88D-11CF-B347-000000000000}: http://www.eingang69.de/EroticAccess/Cabs/1843048.cab -- Reg Error: Key does not exist or could not be opened.
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{5ED80217-570B-4DA9-BF44-BE107C0EC166}: http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab -- Windows Live Safety Center Base Module
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{B9191F79-5613-4C76-AA2A-398534BB8999}: http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}: -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_01
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_02
{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_04
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}: http://download.mcafee.com/molbin/iss-loc/...003/mcfscan.cab -- McFreeScan Class
DirectAnimation Java Classes: file://C:\WINDOWS\Java\classes\dajava.cab -- Reg Error: Key does not exist or could not be opened.
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{0BA79228-9D30-4548-9C5C-466349F421CA} (Servers: | Description: Ambit USB Cable Modem)
{8CE03B9F-836D-490E-9646-4057E62BA50C} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{90C14A5B-8930-4AB5-9376-44A700B33D7E} (Servers: | Description: )
{F5DC4430-11CF-4C0D-844C-C181552C1581} (Servers: | Description: Ambit USB Cable Modem)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\SYSTEM32\igfxsrvc.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2002/09/03 07:59:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\*.tmp files]
[2009/01/04 10:19:39 | 00,206,848 | ---- | C] () -- C:\Documents and Settings\Jan Smith\My Documents\GMER 1.doc
[2009/01/04 10:15:34 | 00,000,000 | ---D | C] -- C:\hijack this
[2009/01/04 10:13:52 | 00,318,369 | ---- | C] () -- C:\Documents and Settings\Jan Smith\Desktop\HiJackThis.zip
[2009/01/04 09:50:39 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/04 09:50:35 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/04 09:50:35 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/04 09:50:34 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/01/04 09:50:34 | 00,811,008 | R--- | C] () -- C:\WINDOWS\gmer.exe
[2009/01/04 09:50:14 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Jan Smith\Desktop\gmer(2).zip
[2009/01/04 09:48:27 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Jan Smith\Desktop\gmer.zip
[2009/01/04 09:37:39 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jan Smith\Desktop\OTViewIt.exe
[2009/01/02 19:11:12 | 00,131,584 | ---- | C] () -- C:\Documents and Settings\Jan Smith\My Documents\Doc1.doc
[2008/12/29 14:29:31 | 03,063,739 | ---- | C] () -- C:\Documents and Settings\Jan Smith\Desktop\Las Vegas Guide.pdf
[2008/12/28 19:44:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jan Smith\Desktop\Autoruns
[2008/12/28 19:43:07 | 00,577,646 | ---- | C] () -- C:\Documents and Settings\Jan Smith\Desktop\Autoruns.zip
[2008/12/27 20:46:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2008/12/27 19:46:50 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2008/12/27 19:46:50 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2008/12/27 19:46:50 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2008/12/27 19:46:50 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/12/27 19:46:50 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2008/12/27 19:46:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2008/12/27 19:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jan Smith\My Documents\Simply Super Software
[2008/12/27 19:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jan Smith\Application Data\Simply Super Software
[2008/12/27 19:46:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2008/12/27 19:45:27 | 08,167,272 | ---- | C] (Simply Super Software ) -- C:\Documents and Settings\Jan Smith\Desktop\trjsetup675.exe
[2008/12/27 18:05:17 | 00,043,008 | ---- | C] () -- C:\Documents and Settings\Jan Smith\My Documents\Logfile of Trend Micro HijackThis v2.doc
[2008/12/27 18:04:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jan Smith\Application Data\Malwarebytes
[2008/12/27 18:04:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/27 18:04:04 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/27 18:04:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/27 18:04:00 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/27 14:06:03 | 00,369,624 | ---- | C] () -- C:\Documents and Settings\Jan Smith\Desktop\dds.scr
[2008/12/27 12:50:34 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/27 12:09:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/12/27 12:08:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/27 12:07:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg8
[2008/12/27 09:45:52 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/12/27 09:45:34 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/12/27 09:45:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Jan Smith\Application Data\SUPERAntiSpyware.com
[2008/12/27 09:43:28 | 05,780,000 | ---- | C] () -- C:\Documents and Settings\Jan Smith\Desktop\SUPERAntiSpyware.exe
[2008/12/23 16:49:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/12/23 15:17:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/23 15:14:14 | 23,804,784 | ---- | C] () -- C:\Documents and Settings\Jan Smith\Desktop\aaw2008.exe

========== Files - Modified Within 30 Days ==========

[11 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/01/04 10:19:40 | 00,206,848 | ---- | M] () -- C:\Documents and Settings\Jan Smith\My Documents\GMER 1.doc
[2009/01/04 10:13:53 | 00,318,369 | ---- | M] () -- C:\Documents and Settings\Jan Smith\Desktop\HiJackThis.zip
[2009/01/04 09:50:39 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/01/04 09:50:35 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/01/04 09:50:35 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/01/04 09:50:34 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/01/04 09:50:14 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Jan Smith\Desktop\gmer(2).zip
[2009/01/04 09:48:28 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Jan Smith\Desktop\gmer.zip
[2009/01/04 09:37:52 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan Smith\Desktop\OTViewIt.exe
[2009/01/04 01:36:11 | 00,000,575 | ---- | M] () -- C:\Documents and Settings\Jan Smith\My Documents\My Sharing Folders.lnk
[2009/01/03 11:10:49 | 00,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2009/01/02 19:11:15 | 00,131,584 | ---- | M] () -- C:\Documents and Settings\Jan Smith\My Documents\Doc1.doc
[2009/01/01 01:00:20 | 00,000,360 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2008/12/29 14:29:14 | 03,063,739 | ---- | M] () -- C:\Documents and Settings\Jan Smith\Desktop\Las Vegas Guide.pdf
[2008/12/29 12:00:00 | 00,000,268 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2008/12/28 19:43:09 | 00,577,646 | ---- | M] () -- C:\Documents and Settings\Jan Smith\Desktop\Autoruns.zip
[2008/12/27 20:00:38 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/12/27 19:59:44 | 00,028,985 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2008/12/27 19:58:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/27 19:58:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008/12/27 19:58:23 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/27 19:46:12 | 08,167,272 | ---- | M] (Simply Super Software ) -- C:\Documents and Settings\Jan Smith\Desktop\trjsetup675.exe
[2008/12/27 18:05:21 | 00,043,008 | ---- | M] () -- C:\Documents and Settings\Jan Smith\My Documents\Logfile of Trend Micro HijackThis v2.doc
[2008/12/27 14:06:08 | 00,369,624 | ---- | M] () -- C:\Documents and Settings\Jan Smith\Desktop\dds.scr
[2008/12/27 14:04:34 | 00,062,976 | ---- | M] () -- C:\Documents and Settings\Jan Smith\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/27 09:45:52 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008/12/27 09:44:12 | 05,780,000 | ---- | M] () -- C:\Documents and Settings\Jan Smith\Desktop\SUPERAntiSpyware.exe
[2008/12/23 18:36:46 | 00,000,864 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2008/12/23 18:36:46 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2008/12/23 18:36:44 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2008/12/23 15:16:28 | 23,804,784 | ---- | M] () -- C:\Documents and Settings\Jan Smith\Desktop\aaw2008.exe
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 06:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/09 23:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


OTViewIt Extras logfile created on: 04/01/2009 10:19:51 - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Jan Smith\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

510.00 Mb Total Physical Memory | 116.26 Mb Available Physical Memory | 22.80% Memory free
1.22 Gb Paging File | 0.64 Gb Available in Paging File | 52.33% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 52.44 Gb Free Space | 70.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JANSMACHINE
Current User Name: Jan Smith
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=0
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2004/12/08 22:50:04 | 00,067,160 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger
[2004/08/10 15:37:28 | 00,061,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 00:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger
[2008/04/14 00:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\WINDOWS\SYSTEM32\P2P Networking\P2P Networking.exe:*:Enabled:P2P Networking
File not found -- C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger
[2008/04/17 12:19:55 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealOne Player
[1997/06/03 19:44:04 | 00,631,808 | ---- | M] (FTPx Corp.) -- C:\Program Files\FTP Explorer\ftpx.exe:*:Enabled:FTP Explorer Application
File not found -- C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe:*:Enabled:Ad-Aware SE Personal
[2004/12/08 22:50:04 | 00,067,160 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger
[2004/08/10 15:37:28 | 00,061,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
File not found -- C:\DOCUME~1\JANSMI~1\LOCALS~1\Temp\Temporary Directory 1 for ref 7119606.zip\ref 7119606.exe:*:ENABLED:0
File not found -- C:\DOCUME~1\JANSMI~1\LOCALS~1\Temp\Temporary Directory 2 for ref 7119606.zip\ref 7119606.exe:*:ENABLED:0
File not found -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:YServer Module
[2008/04/13 18:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Tesco internet phone\TescoIP.exe:*:Enabled:Tesco internet phone
[2008/04/14 00:12:18 | 00,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test
[2008/04/14 00:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\rundll32.exe:*:Enabled:Run a DLL as an App
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2006/03/30 20:27:22 | 05,789,240 | ---- | M] (VoipCheap) -- C:\Program Files\VoipCheap\voipcheap.exe:*:Disabled:VoipCheap
File not found -- D:\Setup.exe:*:Enabled:Setup Wizard of WRT54GR
[2006/11/03 07:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/10/31 19:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/12/19 13:49:33 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/07/30 09:47:50 | 20,252,968 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/07/18 07:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
[2007/10/18 10:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 16:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]
[2008/04/14 00:11:58 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\msdaipp.dll msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/12/04 21:02:24 | 00,927,008 | ---- | M] () C:\Program Files\SiteAdvisor\6253\SiteAdv.dll (siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} (HKLM) [Reg Error: Value does not exist or could not be read.])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Premium
"{00030409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{08CA9554-B5FE-4313-938F-D4A417B81175}"=QuickTime
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}"=Sonic Update Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300"=Canon iP4300
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}"=Dell Picture Studio - Dell Image Expert
"{1767F7EA-F791-4D1B-B447-E5945AD88426}"=Quick PDF
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}"=Google Earth
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}"=EPSON Attach To Email
"{24ED4D80-8294-11D5-96CD-0040266301AD}"=FinePixViewer Ver.5.3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}"=EPSON Scan Assistant
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}"=EPSON Image Clip Palette
"{31DED3ED-64E6-48B7-B573-469A8F15E884}"=Jasc After Shot
"{3248F0A8-6813-11D6-A77B-00B0D0150010}"=J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}"=J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}"=iTunes
"{3FD3DF65-694C-4F71-97BA-1A70BB2B8B9C}"=ICM532
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{5490882C-6961-11D5-BAE5-00E0188E010B}"=FUJIFILM USB Driver
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}"=EPSON Easy Photo Print
"{67EDD823-135A-4D59-87BD-950616D6E857}"=EPSON Copy Utility 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}"=EPSON Web-To-Page
"{8A708DD8-A5E6-11D4-A706-000629E95E20}"=Intel® Extreme Graphics Driver
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}"=Help and Support Customization
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}"=DVDSentry
"{9FCB2876-554D-491D-A2CD-58F8252D6C64}"=Ink
"{A654A805-41D9-40C7-AA46-4AF04F044D61}"=Adobe® Photoshop® Album Starter Edition 3.2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}"=PaperPort 8.0 SE
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}"=ImageMixer VCD2 LE for FinePix
"{B3076A28-345A-4d89-90A3-B68866C0DFB8}"=eFax Messenger 4.3
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B8AD8B32-8DAF-4EB8-B9BD-DDAB5E090D69}"=DocuCom PDF Driver
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}"=PIF DESIGNER
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus®
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}"=Paint Shop Pro 7
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E86BC406-944E-41F6-ADE6-2C136734C96B}"=EPSON File Manager
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2"=Adobe® Photoshop® Album Starter Edition 3.2
"AIM_6"=AIM 6
"AOL Instant Messenger"=AOL Instant Messenger
"Canon iP4300 User Registration"=Canon iP4300 User Registration
"CCleaner"=CCleaner (remove only)
"CdaC13Ba"=SafeCast Shared Components
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702"=Conexant SmartHSFi V92 56K DF PCI Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"CutePDF Writer Installation"=CutePDF Writer 2.7
"Driving Test Success All Tests_is1"=Driving Test Success 2006/7
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox"=Canon Utilities Easy-PrintToolBox
"Easy-WebPrint"=Easy-WebPrint
"EOS Utility"=Canon Utilities EOS Utility
"EPSON Printer and Utilities"=EPSON Printer Software
"EPSON Scanner"=EPSON Scan
"ESDX4800_4200 User's Guide"=ESDX4800_4200 User's Guide
"FTP Explorer"=FTP Explorer
"GoogleVideoViewer"=Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}"=EPSON Attach To Email
"InstallShield_{31DED3ED-64E6-48B7-B573-469A8F15E884}"=Jasc After Shot
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint"=CD-LabelPrint
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Mozilla Thunderbird (2.0.0.19)"=Mozilla Thunderbird (2.0.0.19)
"MSC"=McAfee SecurityCenter
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PDFCoreSetup"=DocuCom PDFCore (remove only)
"PhotoStitch"=Canon Utilities PhotoStitch
"Picasa 3"=Picasa 3
"PIXresizer_is1"=PIXresizer 1.0.7
"RealPlayer 6.0"=RealPlayer
"Shockwave"=Shockwave
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"TeamSpeak 2 RC2_is1"=TeamSpeak 2 RC2
"Trojan Remover_is1"=Trojan Remover 6.7.5
"WIC"=Windows Imaging Component
"Winamp"=Winamp (remove only)
"Windows Live OneCare safety scanner"=Windows Live OneCare safety scanner
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinZip"=WinZip
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/12/2008 14:06:41 | Computer Name = JANSMACHINE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 22/12/2008 17:21:30 | Computer Name = JANSMACHINE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23/12/2008 10:07:24 | Computer Name = JANSMACHINE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23/12/2008 10:12:59 | Computer Name = JANSMACHINE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23/12/2008 10:49:10 | Computer Name = JANSMACHINE | Source = Application Hang | ID = 1002
Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23/12/2008 10:50:30 | Computer Name = JANSMACHINE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23/12/2008 10:57:25 | Computer Name = JANSMACHINE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 23/12/2008 11:00:16 | Computer Name = JANSMACHINE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 25/12/2008 16:54:10 | Computer Name = JANSMACHINE | Source = Application Hang | ID = 1002
Description = Hanging application thunderbird.exe, version 1.8.20081.10519, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 02/01/2009 17:52:36 | Computer Name = JANSMACHINE | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

[ System Events ]
Error - 27/12/2008 15:39:55 | Computer Name = JANSMACHINE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 27/12/2008 15:39:55 | Computer Name = JANSMACHINE | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 27/12/2008 15:40:24 | Computer Name = JANSMACHINE | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.100,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 27/12/2008 15:53:25 | Computer Name = JANSMACHINE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARTIN-PHW8E3X6 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{8CE03B9F-836. The master browser is stopping or an election is being
forced.

Error - 27/12/2008 15:59:30 | Computer Name = JANSMACHINE | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 27/12/2008 15:59:54 | Computer Name = JANSMACHINE | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 192.168.1.100,
since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
please
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 27/12/2008 16:00:32 | Computer Name = JANSMACHINE | Source = NetBT | ID = 4321
Description = The name "MSHOME :1d" could not be registered on the Interface
with IP address 192.168.1.100. The machine with the IP address 192.168.1.106 did
not allow the name to be claimed by this machine.

Error - 27/12/2008 16:13:04 | Computer Name = JANSMACHINE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARTIN-PHW8E3X6 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{8CE03B9F-836. The master browser is stopping or an election is being
forced.

Error - 27/12/2008 18:39:41 | Computer Name = JANSMACHINE | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MARTIN-PHW8E3X6 that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{8CE03B9F-836. The master browser is stopping or an election is being
forced.

Error - 29/12/2008 03:58:28 | Computer Name = JANSMACHINE | Source = ipnathlp | ID = 31008
Description = The DNS proxy agent was unable to read the local list of name-resolution
servers
from the registry. The data is the error code.


< End of report >



GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-04 10:10:21
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF89B2B30]
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF89B2850]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEF604F20]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEF5479CD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEF547A63]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEF54797B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEF54798F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEF547A77]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEF547AA3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEF547B11]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEF547AFB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEF547B3D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEF547A4F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEF547953]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEF547967]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEF5479E1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEF547B79]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEF547AE5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEF547ACF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEF547A8D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEF547B65]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEF547B51]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEF5479B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEF5479A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEF547AB9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEF547B27]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEF547A22]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEF5479F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP EF5479FB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP EF547A53 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP EF547AD3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP EF5479D1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP EF5479A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP EF547A67 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP EF547B7D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP EF547B15 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP EF547957 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP EF5479E5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP EF547ABD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP EF547A26 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP EF547993 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP EF54796B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP EF547B41 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP EF547AFF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP EF547AA7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP EF547A7B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP EF54797F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCF7 5 Bytes JMP EF5479BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA12 7 Bytes JMP EF547B2B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E338 7 Bytes JMP EF547AE9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E7B6 7 Bytes JMP EF547A91 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ECA9 5 Bytes JMP EF547B55 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F112 5 Bytes JMP EF547B69 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text tcpip.sys!IPTransmit + 10FC EF6B7D3A 6 Bytes CALL F84F3490 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 EF6B9690 6 Bytes CALL F84F3490 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 EF6CF454 6 Bytes CALL F84F3490 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys F7D143FD 7 Bytes CALL F84F35B4 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User code sections - GMER 1.0.14 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[120] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070069
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F7E
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070058
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F9B
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070097
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070086
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700DE
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700C3
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070F2A
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00070F4F
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 000700B2
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060FCD
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0006005B
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060014
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0F94
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0FAF
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC007D
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0062
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC002C
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC0F55
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F72
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC00D3
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC00B8
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BC0F1F
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BC0047
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BC0F83
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BC0FCA
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BC001B
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BC0F3A
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BB002F
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BB006C
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BB0014
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BB0FB9
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00BB005B
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BB004A
.text C:\WINDOWS\system32\lsass.exe[684] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B90FE5
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F81
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F92
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A006C
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0040
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F55
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F66
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00D3
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00B8
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F15
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0051
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0091
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A002F
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F3A
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290FCA
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290062
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290FDB
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290011
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290051
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00290036
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290FAF
.text C:\WINDOWS\System32\svchost.exe[796] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003A0000
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02480FE5
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02480091
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02480F9C
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02480FAD
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02480076
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02480FCA
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024800D3
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024800C2
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02480124
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02480109
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0248013F
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02480051
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02480000
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02480F8B
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02480036
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02480025
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 024800F8
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02470025
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02470065
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02470FDE
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02470014
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0247004A
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02470FEF
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02470FA8
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 67, 8A ]
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02470FB9
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02450000
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D00F81
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00076
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D0005B
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00F9E
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D0002F
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D00F66
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D000A2
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000F5
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D000DA
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D00F41
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D00040
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D00087
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D00014
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D000C9
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CF0FA8
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CF0043
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CF0FB9
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CF0FDE
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CF0028
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CF0F7C
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ EF, 88 ]
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CF0F8D
.text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03930FEF
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03930F8A
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03930F9B
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03930069
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03930058
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0393002C
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03930F79
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 039300B5
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03930112
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03930101
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 03930F5E
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0393003D
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03930000
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0393009A
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0393001B
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 03930FC0
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 039300E6
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02D80025
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02D80F72
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02D80FD4
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02D8000A
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02D80F83
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02D80FEF
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02D80F94
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ F8, 8A ]
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02D80FAF
.text C:\WINDOWS\System32\svchost.exe[1040] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02D60000
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02D90000
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02D90FEF
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02D90FDE
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02D90FCD
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00890000
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00890047
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00890F48
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00890022
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00890F6F
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00890F94
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00890069
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00890058
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00890EEB
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00890084
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00890EDA
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00890011
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00890FE5
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00890F2D
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00890FAF
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00890FC0
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00890F10
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00880FE5
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0088006C
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00880036
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0088001B
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00880FAF
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0088000A
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00880051
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00880FCA
.text C:\WINDOWS\System32\svchost.exe[1216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0086000A
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D4000A
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D4009F
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D4008E
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D40073
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D40062
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D40FCA
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D400DC
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D400C1
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D40F79
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D40108
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D4012D
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D40051
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D4001B
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D400B0
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D40FDB
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D4002C
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D400ED
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00AD0036
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00AD0073
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00AD0025
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00AD000A
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00AD0FB6
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00AD0062
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00AD0051
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB0000
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00AE0FEF
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00AE0FDE
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00AE0FC3
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00AE0FB2
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0058
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB0F63
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0047
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0036
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB0FA5
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB008E
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB007D
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB0F06
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB009F
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DB00BA
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DB0F8A
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DB0000
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DB0F52
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DB0FB6
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DB0011
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DB0F21
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D00040
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D00FA8
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D00011
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D00065
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D00000
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D00FC3
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ F0, 88 ]
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D1000A
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D1002F
.text C:\WINDOWS\Explorer.EXE[1596] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB0000
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CB0F99
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CB0FAA
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB0084
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CB0073
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CB0047
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CB00B3
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CB0F6B
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CB00D5
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CB0F46
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CB00E6
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CB0062
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CB0FDB
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CB0F88
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CB002C
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CB001B
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CB00C4
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CA002F
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CA0F8A
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CA0014
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CA0051
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CA0FB9
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes JMP 50C03388
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CA0040
.text C:\WINDOWS\System32\svchost.exe[1624] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C80FEF

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\MPFP \Device\MPFP wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.14 ----


Many thanks
Jan
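The GMER output above is a list of hooks: SSDT and inline kernel patches, user-mode inline hooks, IAT redirections and filter devices attached to device stacks, each followed by the module GMER resolved the redirect address to when it could. Entries with nothing after the target address, like the svchost.exe and services.exe hooks in these logs, are the ones a responder has to resolve by hand; an attributed hook from an installed security product (the McAfee, Sygate and SUPERAntiSpyware drivers here) is expected and only needs its vendor confirmed. The Python script below is an added example, not part of this thread or of GMER: it parses those entry types, groups them by attributed module and lists the unattributed ones. The sample lines are copied from the logs in this thread; the regular expressions, type names and helper names are mine, written against the GMER 1.0.14 format as quoted here, and their holding for other GMER versions is an assumption.

```python
"""Triage the hook lines of a GMER 1.0.14 log: parse each entry type GMER prints
(SSDT/Code, inline .text/PAGE patches, IAT redirections, AttachedDevice/Device),
group entries by the module GMER attributed them to, and list the unattributed
ones, which a responder must resolve by hand. Added example for this thread, not
GMER's or any poster's code; SAMPLE_LOG is copied from the logs in the thread."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Hook:
    kind: str              # SSDT, Code, inline, IAT, AttachedDevice or Device
    scope: str             # "user" if the hooked image carries a [pid], else "kernel"
    target: str            # what was hooked: function, import or device stack
    dest: Optional[str]    # address control is redirected to, when GMER printed one
    module: Optional[str]  # module GMER attributed the entry to; None = unattributed
    vendor: Optional[str]  # the "(Description/Vendor)" text, when present


# Patterns follow the GMER 1.0.14 output quoted in this thread (assumed stable across logs).
SSDT_RE = re.compile(    # SSDT|Code <module> [(<vendor>)] <function> [[0x<dest>]]
    r"^(?P<kind>SSDT|Code)\s+(?P<module>\S.*?)(?:\s+\((?P<vendor>[^()]*)\))?"
    r"\s+(?P<func>[A-Za-z_]\w*)(?:\s+\[0x(?P<dest>[0-9A-Fa-f]+)\])?\s*$")
INLINE_RE = re.compile(  # .text|PAGE <target> <addr> <n> Bytes JMP|CALL <dest> [<module>]
    r"^(?:\.text|PAGE|INIT)\s+(?P<target>.+?)\s+[0-9A-F]{8}\s+\d+\s+Bytes\s+"
    r"(?:JMP|CALL)\s+(?P<dest>[0-9A-F]{8})(?:\s+(?P<module>\S.*))?\s*$")
IAT_RE = re.compile(     # IAT <image>[<dll>!<import>] [<dest>] [<module>]
    r"^IAT\s+(?P<image>.+?)\[(?P<import>[^\]]+)\]\s+\[(?P<dest>[0-9A-Fa-f]+)\]\s*(?P<module>.*?)\s*$")
DEVICE_RE = re.compile(  # AttachedDevice|Device <driver object> <device object> <module>
    r"^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<module>.*?)\s*$")
ATTRIB_RE = re.compile(r"^(?P<module>.*?)\s*(?:\((?P<vendor>[^()]*)\))?\s*$")
USER_IMAGE_RE = re.compile(r"\.exe\[\d+\]", re.IGNORECASE)  # user-mode entries read "image.exe[pid]"


def split_attribution(text: Optional[str]) -> tuple[Optional[str], Optional[str]]:
    """Split GMER's trailing 'module (Description/Vendor)'; (None, None) when absent."""
    if not text or not text.strip():
        return None, None
    m = ATTRIB_RE.match(text.strip())
    return (m["module"] or None), m["vendor"]


def parse_line(line: str) -> Optional[Hook]:
    """Return a Hook for one GMER entry, or None for headers, blanks and unknown lines."""
    line = line.strip()
    if not line or line.startswith("----"):
        return None
    if m := SSDT_RE.match(line):
        return Hook(m["kind"], "kernel", m["func"], m["dest"], m["module"], m["vendor"])
    if m := INLINE_RE.match(line):
        scope = "user" if USER_IMAGE_RE.search(m["target"]) else "kernel"
        return Hook("inline", scope, m["target"], m["dest"], *split_attribution(m["module"]))
    if m := IAT_RE.match(line):
        image = m["image"].strip()
        scope = "user" if USER_IMAGE_RE.search(image) else "kernel"
        return Hook("IAT", scope, f"{image} {m['import']}", m["dest"], *split_attribution(m["module"]))
    if m := DEVICE_RE.match(line):
        return Hook(m["kind"], "kernel", f"{m['driver']} {m['device']}", None, *split_attribution(m["module"]))
    return None


def parse_log(text: str) -> list[Hook]:
    return [h for h in map(parse_line, text.splitlines()) if h is not None]


def basename(path: Optional[str]) -> str:
    return "<unattributed>" if path is None else path.rsplit("\\", 1)[-1].lower()


def by_module(hooks: list[Hook]) -> dict[str, list[Hook]]:
    groups: dict[str, list[Hook]] = defaultdict(list)
    for h in hooks:
        groups[basename(h.module)].append(h)
    return dict(groups)


def unattributed(hooks: list[Hook]) -> list[Hook]:
    return [h for h in hooks if h.module is None]


SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF89B2B30]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEF604F20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEF5479CD]
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP EF547A53 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text tcpip.sys!IPTransmit + 10FC EF6B7D3A 6 Bytes CALL F84F3490 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[608] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0141F650 C:\Program Files\SiteAdvisor\6172\saPlugin.dll
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes JMP 50C03388
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
"""


def main() -> None:
    hooks = parse_log(SAMPLE_LOG)
    for mod, items in sorted(by_module(hooks).items()):
        print(f"{mod} ({next((h.vendor for h in items if h.vendor), 'no vendor string')}): {len(items)}")
        for h in items:
            print(f"  {h.scope:6} {h.kind:14} {h.target}" + (f" -> {h.dest}" if h.dest else ""))
    print("Resolve by hand:", *(f"  {h.target} -> {h.dest}" for h in unattributed(hooks)), sep="\n")


if __name__ == "__main__":
    main()
```

Run it as-is to see the grouping for the sample, or call parse_log() on the text of a full log. A blank attribution does not by itself mean malicious code: GMER names a module only when the redirect address falls inside a loaded image, so an empty column means the code sits in memory GMER could not tie to a file on disk, and that address has to be examined in the live process rather than judged from the log alone.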

#4 Billy O'Neal (Visual C++ STL Maintainer; Malware Response Team, 12,304 posts; Redmond, Washington)

Posted 04 January 2009 - 11:02 AM

Hello, janny53

Hi Billy, firstly thank you so much for giving me your time. I did all you requested, and when I posted I got a message saying I had used an out-of-date version of HijackThis and to run it again and post, so I have added that log too.

I don't need a HJT log for most posts, if that helps :thumbsup:

We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double-click the OTMoveIt3 icon on your desktop.
  • Paste the following code into the "Paste Instructions for Items to be Moved" area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    :files
    c:\program files\AdwareAlert
  • Push the large MoveIt! button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use; tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • OTMoveIt3's Log
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 janny53 (Topic Starter; Members, 11 posts)

Posted 04 January 2009 - 04:03 PM

Here you are, Billy
Jan




========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ not found.
========== FILES ==========
File/Folder c:\program files\AdwareAlert not found.




OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01042009_210101
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3735 (20090104)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=fb60a3e891f22c47889cf01f9c1b6197
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-04 08:52:47
# local_time=2009-01-04 08:52:47 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=456768
# found=2
# scan_time=8853
C:\Documents and Settings\Jan Smith\Application Data\Thunderbird\Profiles\o8zyai1z.default\Mail\Local Folders\Junk HTML/Bankfraud.PD trojan (contained infected files) 876832DB15F59BD43B26678440CE0AD7
C:\Documents and Settings\Jan Smith\Application Data\Thunderbird\Profiles\o8zyai1z.default\Mail\Local Folders\Junk »MIME »part000.htm HTML/Bankfraud.PD trojan (unable to clean - deleted) 00000000000000000000000000000000

#6 Billy O'Neal (Visual C++ STL Maintainer; Malware Response Team, 12,304 posts; Redmond, Washington)

Posted 04 January 2009 - 07:26 PM

Hello :thumbsup:

Are things any better?

If not, please rename GMER to something random like "Cookie.exe" and post a fresh log with it :)

Thanks!

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 janny53 (Topic Starter; Members, 11 posts)

Posted 05 January 2009 - 04:15 AM

Hi Billy
Things are still the same, I'm afraid. Here is the new log.
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-05 09:10:58
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF89B2B30]
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF89B2850]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEF604F20]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEF5479CD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEF547A63]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEF54797B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEF54798F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEF547A77]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEF547AA3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEF547B11]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEF547AFB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEF547B3D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEF547A4F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEF547953]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEF547967]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEF5479E1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEF547B79]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEF547AE5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEF547ACF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEF547A8D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEF547B65]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEF547B51]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEF5479B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEF5479A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEF547AB9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEF547B27]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEF547A22]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEF5479F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP EF5479FB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 80568D59 5 Bytes JMP EF547A53 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP EF547AD3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP EF5479D1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP EF5479A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8057065D 5 Bytes JMP EF547A67 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP EF547B7D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 7 Bytes JMP EF547B15 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP EF547957 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP EF5479E5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80572889 7 Bytes JMP EF547ABD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP EF547A26 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP EF547993 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP EF54796B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP EF547B41 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP EF547AFF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80592D5C 7 Bytes JMP EF547AA7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805952CA 7 Bytes JMP EF547A7B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 5 Bytes JMP EF54797F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCF7 5 Bytes JMP EF5479BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA12 7 Bytes JMP EF547B2B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E338 7 Bytes JMP EF547AE9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E7B6 7 Bytes JMP EF547A91 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ECA9 5 Bytes JMP EF547B55 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F112 5 Bytes JMP EF547B69 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
.text tcpip.sys!IPTransmit + 10FC EF6B7D3A 6 Bytes CALL F84F3490 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPTransmit + 2A52 EF6B9690 6 Bytes CALL F84F3490 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text tcpip.sys!IPRegisterProtocol + 930 EF6CF454 6 Bytes CALL F84F3490 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
.text wanarp.sys F7D143FD 7 Bytes CALL F84F35B4 Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User code sections - GMER 1.0.14 ----

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[120] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[120] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[608] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0141F650 C:\Program Files\SiteAdvisor\6172\saPlugin.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[608] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00070FEF
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00070069
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070F7E
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00070058
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00070F9B
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00070097
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00070086
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000700DE
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000700C3
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00070F2A
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00070F4F
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00070FCA
.text C:\WINDOWS\system32\services.exe[672] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 000700B2
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00060FCD
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0006005B
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00060014
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[672] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00060FA8
.text C:\WINDOWS\system32\services.exe[672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0004000A
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0000
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0F94
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC0FAF
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC007D
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0062
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC002C
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC0F55
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F72
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC00D3
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC00B8
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BC0F1F
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BC0047
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BC0FE5
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BC0F83
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BC0FCA
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BC001B
.text C:\WINDOWS\system32\lsass.exe[684] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BC0F3A
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BB002F
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BB006C
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BB0014
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BB0FB9
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00BB005B
.text C:\WINDOWS\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BB004A
.text C:\WINDOWS\system32\lsass.exe[684] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B90FE5
.text C:\Program Files\Mozilla Firefox\firefox.exe[748] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 10002E30
.text C:\Program Files\Mozilla Firefox\firefox.exe[748] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10002D90
.text C:\Program Files\Mozilla Firefox\firefox.exe[748] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100029A0
.text C:\Program Files\Mozilla Firefox\firefox.exe[748] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100027F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[748] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100024F0
.text C:\Program Files\Mozilla Firefox\firefox.exe[748] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10002D44
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F81
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F92
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A006C
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0040
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F55
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F66
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00D3
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A00B8
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 001A0F15
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 001A0051
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 001A0091
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 001A002F
.text C:\WINDOWS\System32\svchost.exe[796] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 001A0F3A
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00290FCA
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00290062
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00290FDB
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00290011
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00290051
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00290000
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00290036
.text C:\WINDOWS\System32\svchost.exe[796] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00290FAF
.text C:\WINDOWS\System32\svchost.exe[796] WS2_32.dll!socket 71AB4211 5 Bytes JMP 003A0000
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02480FE5
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02480091
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02480F9C
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02480FAD
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02480076
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02480FCA
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 024800D3
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 024800C2
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02480124
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02480109
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 0248013F
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02480051
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02480000
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02480F8B
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02480036
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02480025
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 024800F8
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02470025
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02470065
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02470FDE
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02470014
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 0247004A
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02470FEF
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02470FA8
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 67, 8A ]
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02470FB9
.text C:\WINDOWS\system32\svchost.exe[860] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02450000
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D00F81
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D00076
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D0005B
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D00F9E
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D0002F
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D00F66
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D000A2
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D000F5
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D000DA
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D00F41
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D00040
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D00087
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D00014
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D00FC3
.text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D000C9
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CF0FA8
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CF0043
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CF0FB9
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CF0FDE
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CF0028
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CF0FEF
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CF0F7C
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ EF, 88 ]
.text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CF0F8D
.text C:\WINDOWS\system32\svchost.exe[944] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03930FEF
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03930F8A
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03930F9B
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03930069
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03930058
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0393002C
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 03930F79
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 039300B5
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03930112
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03930101
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 03930F5E
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0393003D
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03930000
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 0393009A
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 0393001B
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 03930FC0
.text C:\WINDOWS\System32\svchost.exe[1040] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 039300E6
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02D80025
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02D80F72
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02D80FD4
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02D8000A
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02D80F83
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02D80FEF
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 02D80F94
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ F8, 8A ]
.text C:\WINDOWS\System32\svchost.exe[1040] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02D80FAF
.text C:\WINDOWS\System32\svchost.exe[1040] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02D60000
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02D90000
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02D90FEF
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02D90FDE
.text C:\WINDOWS\System32\svchost.exe[1040] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02D90FCD
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00890000
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00890047
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00890F48
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00890022
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00890F6F
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00890F94
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00890069
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00890058
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00890EEB
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00890084
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00890EDA
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00890011
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00890FE5
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00890F2D
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00890FAF
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00890FC0
.text C:\WINDOWS\System32\svchost.exe[1216] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00890F10
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00880FE5
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0088006C
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00880036
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 0088001B
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00880FAF
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0088000A
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00880051
.text C:\WINDOWS\System32\svchost.exe[1216] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00880FCA
.text C:\WINDOWS\System32\svchost.exe[1216] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0086000A
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D4000A
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D4009F
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D4008E
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D40073
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D40062
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D40FCA
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D400DC
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D400C1
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D40F79
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D40108
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D4012D
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D40051
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D4001B
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D400B0
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D40FDB
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D4002C
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D400ED
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00AD0036
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00AD0073
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00AD0025
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00AD000A
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00AD0FB6
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00AD0062
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00AD0051
.text C:\WINDOWS\System32\svchost.exe[1336] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB0000
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00AE0FEF
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00AE0FDE
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00AE0FC3
.text C:\WINDOWS\System32\svchost.exe[1336] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00AE0FB2
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0058
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB0F63
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0047
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0036
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB0FA5
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB008E
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB007D
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB0F06
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB009F
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DB00BA
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DB0F8A
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DB0000
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DB0F52
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DB0FB6
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DB0011
.text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DB0F21
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D00040
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D00FA8
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D00FE5
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D00011
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D00065
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D00000
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D00FC3
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ F0, 88 ]
.text C:\WINDOWS\Explorer.EXE[1596] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D00FD4
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D10FEF
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D1000A
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\Explorer.EXE[1596] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D1002F
.text C:\WINDOWS\Explorer.EXE[1596] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CB0000
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CB0F99
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CB0FAA
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CB0084
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CB0073
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CB0047
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CB00B3
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CB0F6B
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CB00D5
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CB0F46
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CB00E6
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CB0062
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CB0FDB
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CB0F88
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CB002C
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CB001B
.text C:\WINDOWS\System32\svchost.exe[1624] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CB00C4
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00CA002F
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00CA0F8A
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00CA0FDE
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00CA0014
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00CA0051
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00CA0FB9
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes JMP 50C03388
.text C:\WINDOWS\System32\svchost.exe[1624] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00CA0040
.text C:\WINDOWS\System32\svchost.exe[1624] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C80FEF

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F84F3D9E] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [019B7376] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\MPFP \Device\MPFP wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.14 ----
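
A quicker way to read a GMER log like the one above, as an added example that is not part of this thread and not GMER's own code: the script below parses GMER 1.0.x `IAT`, `AttachedDevice` and `Device` lines, groups every hook by the module that owns the hook code, and lists the modules for which GMER printed no `(description/vendor)` block. In the log above every hook is attributed to a named product (Sygate's Teefer.sys and wpsdrvnt.sys, AOL's tbdiag.dll, Mozilla Talkback's FULLSOFT.DLL, McAfee's mfehidk.sys and Mpfp.sys, Sonic's tfsnifs.sys), so an unattributed hook is exactly what would stand out. The sample log inside the script is constructed: a few lines copied from the posted log plus one made-up entry, `example-unknown.sys`, which does not exist on that machine and is there only so the review flag has something to fire on. The function names are my own.

```python
"""Triage helper for the 'IAT', 'AttachedDevice' and 'Device' lines of a GMER 1.0.x log.

Added example for this thread: not GMER code and not something the helpers posted.
Groups each hook by the hooking module and flags modules GMER could not attribute.
"""
import ntpath
import re

# Kernel entries ("IAT \SystemRoot\...\x.sys[NDIS.SYS!Func] [addr] hooker.sys (...)") and
# user entries ("IAT C:\...\app.exe[pid] @ C:\...\lib.dll [KERNEL32.dll!Func] [addr] ...")
# share one shape: the import is the only bracketed field containing '!', followed by
# the hook address, the hooking module and an optional '(description/vendor)' block
# that GMER takes from the hooking file's version resource.
IAT_RE = re.compile(
    r"^IAT\s+(?P<target>.*?)\s*\[(?P<iat>[^\]\s]+![^\]\s]+)\]\s+"
    r"\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>.+?)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)
DEV_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+"
    r"(?P<module>.+?)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)


def split_desc(desc):
    """GMER prints 'File description/Company name'; return (description, vendor)."""
    if not desc:
        return "", ""
    descr, sep, vendor = desc.rpartition("/")
    return (descr, vendor) if sep else ("", desc)


def parse_line(line):
    """Return a dict for one hook/attachment line, or None for headers and blanks."""
    m = IAT_RE.match(line)
    if m:
        descr, vendor = split_desc(m.group("desc"))
        return {"kind": "IAT", "target": m.group("target"), "iat": m.group("iat"),
                "addr": m.group("addr"), "module": m.group("module"),
                "description": descr, "vendor": vendor}
    m = DEV_RE.match(line)
    if m:
        descr, vendor = split_desc(m.group("desc"))
        return {"kind": m.group("kind"), "target": m.group("device"), "iat": None,
                "addr": None, "module": m.group("module"),
                "description": descr, "vendor": vendor}
    return None


def summarize(log_text):
    """Group hooks by hooking module (basename, lower-cased): vendor, count, kinds, APIs, targets."""
    summary = {}
    for line in log_text.splitlines():
        hook = parse_line(line)
        if hook is None:
            continue
        key = ntpath.basename(hook["module"]).lower()   # ntpath: Windows paths on any host
        entry = summary.setdefault(key, {"vendor": hook["vendor"], "description": hook["description"],
                                         "count": 0, "kinds": set(), "apis": set(), "targets": set()})
        entry["count"] += 1
        entry["kinds"].add(hook["kind"])
        entry["targets"].add(hook["target"])
        if hook["iat"]:
            entry["apis"].add(hook["iat"])
    return summary


def needs_review(summary):
    """Modules with no vendor string from GMER: look at these before anything else."""
    return sorted(k for k, e in summary.items() if not e["vendor"])


def report(log_text):
    """One line per hooking module; unattributed modules are marked for review."""
    lines = []
    for key, e in sorted(summarize(log_text).items()):
        vendor = e["vendor"] or "<no vendor info: REVIEW>"
        lines.append(f"{key:22} {e['count']:2} hook(s) {','.join(sorted(e['kinds'])):22} {vendor}")
    return lines


# Constructed sample: lines copied from the log posted above plus one made-up entry
# ("example-unknown.sys", which does not exist on that machine) with no vendor block.
SAMPLE_LOG = r"""
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F84F3E78] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F84F3E34] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F84F3C90] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F8000000] example-unknown.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\AIM6\aim6.exe[516] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Mozilla Thunderbird\thunderbird.exe[2728] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019B73CC] C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\MPFP \Device\MPFP wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
    print("review first:", needs_review(summarize(SAMPLE_LOG)))
```

Run it against a saved GMER log with `report(open("gmer.log").read())`. One caveat that matters when reading the posted log this way: the description and company name GMER prints are read from the hooking file's version resource, which any file can claim, so an attributed hook is a reason to look elsewhere first, not proof that the module is legitimate.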

#8 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 05 January 2009 - 11:00 PM

Hello, janny53
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click ComboFix.exe on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 janny53

  • Topic Starter

  • Members
  • 11 posts

Posted 06 January 2009 - 05:42 AM

Hi Billy, all done. Here is what you need.

Many thanks
Jan

ComboFix 09-01-05.05 - Jan Smith 2009-01-06 10:16:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.159 [GMT 0:00]
Running from: c:\documents and settings\Jan Smith\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jan Smith\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ntnet.drv

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD


((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2009-01-04 18:17 . 2009-01-04 20:52 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-04 18:12 . 2009-01-04 18:12 <DIR> d-------- C:\_OTMoveIt
2009-01-04 10:15 . 2009-01-04 10:16 <DIR> d-------- C:\hijack this
2009-01-04 09:50 . 2009-01-05 08:54 250 --a------ c:\windows\gmer.ini
2008-12-27 19:46 . 2008-12-27 19:46 <DIR> d-------- c:\program files\Trojan Remover
2008-12-27 19:46 . 2008-12-27 19:46 <DIR> d-------- c:\documents and settings\Jan Smith\Application Data\Simply Super Software
2008-12-27 19:46 . 2008-12-27 19:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-12-27 19:46 . 2006-05-25 14:52 162,304 --a------ c:\windows\SYSTEM32\ztvunrar36.dll
2008-12-27 19:46 . 2003-02-02 19:06 153,088 --a------ c:\windows\SYSTEM32\UNRAR3.dll
2008-12-27 19:46 . 2005-08-26 00:50 77,312 --a------ c:\windows\SYSTEM32\ztvunace26.dll
2008-12-27 19:46 . 2002-03-06 00:00 75,264 --a------ c:\windows\SYSTEM32\unacev2.dll
2008-12-27 19:46 . 2006-06-19 12:01 69,632 --a------ c:\windows\SYSTEM32\ztvcabinet.dll
2008-12-27 18:04 . 2008-12-27 18:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 18:04 . 2008-12-27 18:04 <DIR> d-------- c:\documents and settings\Jan Smith\Application Data\Malwarebytes
2008-12-27 18:04 . 2008-12-27 18:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-27 18:04 . 2008-12-03 19:52 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-12-27 18:04 . 2008-12-03 19:52 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-12-27 12:50 . 2008-12-27 12:50 <DIR> d-------- c:\program files\Trend Micro
2008-12-27 12:09 . 2008-12-27 12:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-27 12:08 . 2008-12-27 12:08 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-27 12:07 . 2008-12-27 12:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-27 09:45 . 2008-12-27 12:09 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-27 09:45 . 2008-12-27 09:45 <DIR> d-------- c:\documents and settings\Jan Smith\Application Data\SUPERAntiSpyware.com
2008-12-23 16:49 . 2008-12-23 16:49 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-23 15:17 . 2008-12-27 12:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 08:51 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-28 12:05 --------- d-----w c:\program files\Viewpoint
2008-12-28 12:05 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-28 11:16 --------- d-----w c:\program files\Canon
2008-12-28 11:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-27 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-27 12:08 --------- d-----w c:\program files\Yahoo!
2008-12-27 12:08 --------- d-----w c:\program files\Google
2008-12-27 12:08 --------- d-----w c:\documents and settings\Jan Smith\Application Data\Lavasoft
2008-12-27 12:03 --------- d-----w c:\program files\Common Files\Adobe
2008-12-27 12:02 --------- d-----w c:\program files\CCleaner
2008-12-23 15:17 --------- d-----w c:\program files\Lavasoft
2008-11-26 08:13 --------- d-----w c:\documents and settings\Jan Smith\Application Data\SiteAdvisor
2008-11-22 22:16 --------- d-----w c:\program files\AVG
2008-11-21 15:05 --------- d-----w c:\program files\McAfee
2008-11-19 20:36 --------- d-----w c:\program files\AIM6
2008-11-19 20:23 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-19 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-17 14:59 --------- d-----w c:\program files\GPLGS
2008-11-17 14:57 --------- d-----w c:\program files\Acro Software
2008-11-14 20:35 --------- d-----w c:\documents and settings\LocalService\Application Data\Talkback
2008-07-06 13:16 32 ----a-r c:\documents and settings\All Users\hash.dat
2005-11-05 12:44 774,144 -c--a-w c:\program files\RngInterstitial.dll
2007-01-23 13:07 1,847,296 ----a-w c:\program files\mozilla firefox\plugins\Seadragon.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" [2005-03-07 98304]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 36904]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-12-10 1230728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"= wdmaud.sys

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorrectConnect.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EZ Station.lnk]
backup=c:\windows\pss\EZ Station.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jan Smith^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 19:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-12-19 18:28 1434864 c:\program files\CCleaner\ccleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 00:05 122939 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
-ra------ 2002-08-14 17:22 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2006-10-17 01:20 398944 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--a------ 2007-03-06 17:21 116224 c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4200 Series]
--a------ 2005-03-07 19:00 98304 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIAEE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 07:59 126976 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 07:59 155648 c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2002-08-12 10:07 36864 c:\program files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-07-11 17:48 641208 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--------- 2003-12-30 10:40 380928 c:\progra~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2002-08-12 09:33 45108 c:\program files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-04-17 12:19 214560 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
--a------ 2003-03-21 15:32 2138183 c:\progra~1\Sygate\SPF\Smc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-17 12:19 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\FTP Explorer\\ftpx.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\VoipCheap\\voipcheap.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 ambitucm;Ambit USB Cable Modem NDIS Driver;c:\windows\SYSTEM32\DRIVERS\ambitucm.sys [2003-08-27 14974]
S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [2005-02-01 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [2005-02-01 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [2005-02-01 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [2005-02-01 10368]
S3 DCamUSBUVT;ICM532A;c:\windows\SYSTEM32\DRIVERS\usbuvt.sys [2004-05-15 95232]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-07-28 31592]
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-14 00:12]

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-ThePrivacyGuard - c:\program files\The Privacy Guard\ThePrivacyGuard.exe
MSConfigStartUp-Virgin Atlantic Alerts - c:\program files\Virgin Atlantic Alerts\virginatlanticalerts.exe
MSConfigStartUp-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jansfloridavilla.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://uk.yahoo.com
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: LimeShop Preferences - file://c:\program files\LimeShop\System\Temp\limeshop_script0.htm

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Jan Smith\Application Data\Mozilla\Firefox\Profiles\2ictdgzt.jan\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.Jansfloridavilla.co.uk
FF - component: c:\program files\SiteAdvisor\6253\FF\components\FFHook.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgooglevlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-06 10:27:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2815480118-491811010-1379311507-1006\Software\Microsoft\SystemCertificates\AddressBook*NULL*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\SYSTEM32\brss01a.exe
c:\windows\SYSTEM32\bgsvcgen.exe
c:\windows\SYSTEM32\DRIVERS\CDAC11BA.EXE
c:\windows\SYSTEM32\E_S00RP1.EXE
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\SYSTEM32\SAgent4.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-06 10:37:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-06 10:36:43

Pre-Run: 56,352,096,256 bytes free
Post-Run: 56,736,202,752 bytes free

283 --- E O F --- 2008-12-28 16:11:02

Edited by janny53, 06 January 2009 - 05:43 AM.


#10 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 06 January 2009 - 08:20 PM

Hello, janny53
We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    file::
    c:\documents and settings\All Users\hash.dat
    c:\program files\RngInterstitial.dll
    c:\program files\mozilla firefox\plugins\Seadragon.dll
    folder::
    c:\program files\Trojan Remover
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

In your next reply, please include the following:
  • ComboFix.txt
  • ESET OnlineScan's Log

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#11 janny53
  • Topic Starter
  • Members
  • 11 posts

Posted 07 January 2009 - 05:12 AM

Hi Billy
I have come up against a snag. I copy the text but I cannot get it to transfer to ComboFix.exe - any ideas, and can I do the second part you need before I do the first?
Jan

Edited by janny53, 07 January 2009 - 05:22 AM.


#12 Billy O'Neal
  • Malware Response Team

Posted 07 January 2009 - 10:12 PM

Hello, janny53
Did you get this part?

Open notepad and copy/paste the text in the quotebox below into it:
~ SCRIPT ~
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe


The combofix step needs to be done before the ESET step.

BillyIII

#13 janny53
  • Topic Starter

Posted 08 January 2009 - 06:01 AM

Hi Billy
Yes, I got that bit, but the cfscript.txt seems not to want to transfer as per the illustration into ComboFix, and they simply change places on my desktop. The only way I get the ComboFix box up is to manually open it. Should it appear as soon as the cfscript is transferred? Hope this makes sense to you.

#14 Billy O'Neal
  • Malware Response Team

Posted 08 January 2009 - 04:36 PM

Alright... please make sure it's on your desktop, and run it manually this way:

Start -> Run...
Type in
"%userprofile%\Desktop\ComboFix.exe" "%userprofile%\Desktop\CFScript.txt"
Press Enter.

That should start it up correctly.

Billy3

#15 janny53
  • Topic Starter

Posted 08 January 2009 - 07:05 PM

Here you are Billy. Many thanks
Jan



# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3752 (20090108)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=fb60a3e891f22c47889cf01f9c1b6197
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-08 11:48:06
# local_time=2009-01-08 11:48:06 (+0000, GMT Standard Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 3
# scanned=455869
# found=7
# scan_time=5248
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2018\A0221403.dll Win32/Adware.SpywareRemover application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2018\A0221407.dll Win32/Adware.AntiSpyware2008 application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2018\A0221454.sys Win32/Agent.OJK trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2018\A0221664.sys a variant of Win32/Agent.OJK trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2018\A0222308.dll Win32/Adware.SpywareRemover application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2018\A0222309.dll Win32/Adware.AntiSpyware2008 application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2018\A0222315.sys a variant of Win32/Agent.OJK trojan (unable to clean - deleted) 00000000000000000000000000000000



ComboFix 09-01-08.01 - Jan Smith 2009-01-08 22:06:44.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.235 [GMT 0:00]
Running from: c:\documents and settings\Jan Smith\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jan Smith\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-12-08 to 2009-01-08 )))))))))))))))))))))))))))))))
.

2009-01-04 18:17 . 2009-01-04 20:52 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-04 18:12 . 2009-01-04 18:12 <DIR> d-------- C:\_OTMoveIt
2009-01-04 10:15 . 2009-01-04 10:16 <DIR> d-------- C:\hijack this
2009-01-04 09:50 . 2009-01-05 08:54 250 --a------ c:\windows\gmer.ini
2008-12-27 18:04 . 2008-12-27 18:04 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-27 18:04 . 2008-12-27 18:04 <DIR> d-------- c:\documents and settings\Jan Smith\Application Data\Malwarebytes
2008-12-27 18:04 . 2008-12-27 18:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-27 18:04 . 2008-12-03 19:52 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-12-27 18:04 . 2008-12-03 19:52 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-12-27 12:50 . 2008-12-27 12:50 <DIR> d-------- c:\program files\Trend Micro
2008-12-27 12:09 . 2008-12-27 12:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-27 12:08 . 2009-01-08 10:35 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-27 12:07 . 2008-12-27 12:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-12-27 09:45 . 2009-01-08 10:35 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-23 16:49 . 2008-12-23 16:49 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-23 15:17 . 2008-12-27 12:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 14:43 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-06 16:20 --------- d-----w c:\program files\Acro Software
2008-12-28 12:05 --------- d-----w c:\program files\Viewpoint
2008-12-28 12:05 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-28 11:16 --------- d-----w c:\program files\Canon
2008-12-28 11:10 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-27 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-27 12:08 --------- d-----w c:\program files\Yahoo!
2008-12-27 12:08 --------- d-----w c:\program files\Google
2008-12-27 12:08 --------- d-----w c:\documents and settings\Jan Smith\Application Data\Lavasoft
2008-12-27 12:03 --------- d-----w c:\program files\Common Files\Adobe
2008-12-27 12:02 --------- d-----w c:\program files\CCleaner
2008-12-23 15:17 --------- d-----w c:\program files\Lavasoft
2008-12-13 06:40 3,593,216 ----a-w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-11-26 08:13 --------- d-----w c:\documents and settings\Jan Smith\Application Data\SiteAdvisor
2008-11-22 22:16 --------- d-----w c:\program files\AVG
2008-11-21 15:05 --------- d-----w c:\program files\McAfee
2008-11-19 20:36 --------- d-----w c:\program files\AIM6
2008-11-19 20:23 --------- d-----w c:\documents and settings\All Users\Application Data\acccore
2008-11-19 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-17 20:04 2,306,113 ----a-w c:\windows\SYSTEM32\GPhotos.scr
2008-11-14 20:35 --------- d-----w c:\documents and settings\LocalService\Application Data\Talkback
2008-10-24 11:21 455,296 ------w c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\SYSTEM32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\SYSTEM32\DLLCACHE\gdi32.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\SYSTEM32\wuweb.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\SYSTEM32\wuaueng.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\SYSTEM32\wuapi.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\SYSTEM32\wucltui.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\SYSTEM32\DLLCACHE\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\SYSTEM32\DLLCACHE\cdm.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\SYSTEM32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\SYSTEM32\wuauclt.exe
2008-10-16 14:09 51,224 ----a-w c:\windows\SYSTEM32\DLLCACHE\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\SYSTEM32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\SYSTEM32\wups.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\SYSTEM32\DLLCACHE\wups.dll
2008-10-16 14:06 268,648 ----a-w c:\windows\SYSTEM32\mucltui.dll
2008-10-16 14:06 208,744 ----a-w c:\windows\SYSTEM32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\SYSTEM32\DLLCACHE\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\SYSTEM32\DLLCACHE\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\SYSTEM32\DLLCACHE\ieakui.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-06_10.34.22.23 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-06 10:30:24 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-01-08 18:06:13 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
- 2009-01-06 10:30:24 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-01-08 18:06:13 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EPSON Stylus DX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" [2005-03-07 98304]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"SiteAdvisor"="c:\program files\SiteAdvisor\6172\SiteAdv.exe" [2007-03-30 36904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"= wdmaud.sys

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorrectConnect.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EZ Station.lnk]
backup=c:\windows\pss\EZ Station.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jan Smith^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 19:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
--a------ 2008-12-19 18:28 1434864 c:\program files\CCleaner\ccleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 00:12 15360 c:\windows\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-08-13 00:05 122939 c:\windows\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
-ra------ 2002-08-14 17:22 28672 c:\windows\SYSTEM32\DSentry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2006-10-17 01:20 398944 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
--a------ 2007-03-06 17:21 116224 c:\program files\eFax Messenger 4.3\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4200 Series]
--a------ 2005-03-07 19:00 98304 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATIAEE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 07:59 126976 c:\windows\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 07:59 155648 c:\windows\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2002-08-12 10:07 36864 c:\program files\Scansoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 09:47 289064 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2008-07-11 17:48 641208 c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
--------- 2003-12-30 10:40 380928 c:\progra~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2002-08-12 09:33 45108 c:\program files\Scansoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-04-17 12:19 214560 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]
--a------ 2003-03-21 15:32 2138183 c:\progra~1\Sygate\SPF\Smc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 c:\program files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-17 12:19 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 00:01 110592 c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\FTP Explorer\\ftpx.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\Program Files\\VoipCheap\\voipcheap.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

S3 ambitucm;Ambit USB Cable Modem NDIS Driver;c:\windows\SYSTEM32\DRIVERS\ambitucm.sys [2003-08-27 14974]
S3 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\BrFilt.sys [2005-02-01 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [2005-02-01 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [2005-02-01 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [2005-02-01 10368]
S3 DCamUSBUVT;ICM532A;c:\windows\SYSTEM32\DRIVERS\usbuvt.sys [2004-05-15 95232]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-07-28 31592]
.
Contents of the 'Scheduled Tasks' folder

2009-01-05 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\SYSTEM32\cleanmgr.exe [2008-04-14 00:12]

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.jansfloridavilla.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://uk.yahoo.com
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: LimeShop Preferences - file://c:\program files\LimeShop\System\Temp\limeshop_script0.htm

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Jan Smith\Application Data\Mozilla\Firefox\Profiles\2ictdgzt.jan\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.Jansfloridavilla.co.uk
FF - component: c:\program files\SiteAdvisor\6253\FF\components\FFHook.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgooglevlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppsynth.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\windows\system32\Photosynth\nppsynth.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 22:11:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2009-01-08 22:15:41
ComboFix-quarantined-files.txt 2009-01-08 22:14:23
ComboFix2.txt 2009-01-08 21:57:44
ComboFix3.txt 2009-01-08 10:48:17
ComboFix4.txt 2009-01-08 10:30:38
ComboFix5.txt 2009-01-08 22:05:52

Pre-Run: 56,767,270,912 bytes free
Post-Run: 56,748,482,560 bytes free

253 --- E O F --- 2008-12-28 16:11:02
