
Major Problem after attempting to remove Limewire. (Log posted here)

13 replies to this topic

#1 KINNEY0201

KINNEY0201

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 14 June 2009 - 05:25 AM

My friend put Limewire on my computer. I attempted to remove it via Start>Control Panel>Add/Remove programs. Then things went haywire.

I'm getting crazy pop-ups, I'm constantly being redirected to various webpages, and ALL of my system restore points are gone!!

Not to mention, I still think parts of that stupid Limewire are floating around my computer. I have tried several different spyware, adware, malware, and anti-virus software, but I'm getting nothing. Below is my HijackThis log; can anyone help reverse this? Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:01 PM, on 6/13/2009
Platform: Windows XP SP2
MSIE: Internet Explorer v6.00 SP2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\DVD PROGRAMS\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\common files\aol\1236233593\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1236233593\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\DVD PROGRAMS\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5064
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5064
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5064
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5064
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://clienturls.aol.com/safety/us/securi...ion_asp2retired
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\DVD PROGRAMS\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0014661244933473) (0014661244933473mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Owner\LOCALS~1\Temp\001466~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10803 bytes
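The log above lists the autostart entries (O4 Run-key values and O23 services) that forum helpers triage by hand. As an added example, not part of this thread and not HijackThis's own code, the Python below parses those two entry types in the format shown and flags the items a reviewer would check first: images given as bare file names (resolved through the search path at logon rather than by full path) and images that live under a Temp directory. The sample lines are copied from the log posted above; the flag names and the heuristics are this example's own assumptions, not a HijackThis convention.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied verbatim from the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O23 - Service: McAfee Application Installer Cleanup (0014661244933473) (0014661244933473mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Owner\LOCALS~1\Temp\001466~1.EXE
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
O23_PREFIX = "O23 - Service: "
# Program image = text up to the first .exe/.sys/.dll; keeps unquoted paths with spaces intact.
IMAGE_RE = re.compile(r'^(?P<image>.*?\.(?:exe|sys|dll))', re.IGNORECASE)
# Drive-letter path or %ENVVAR%\ prefix; anything else is looked up through the search path.
ABSOLUTE_RE = re.compile(r'^(?:[A-Za-z]:\\|%[^%]+%\\)')


@dataclass
class AutostartEntry:
    kind: str                 # "O4" (Run key) or "O23" (service)
    name: str                 # Run value name or service display name
    image: Optional[str]      # executable/module the entry points at, if one could be extracted
    flags: List[str] = field(default_factory=list)


def extract_image(cmd: str) -> Optional[str]:
    """Pull the program image out of a Run-key command line (quoted path first, else first image token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    m = IMAGE_RE.match(cmd)
    return m.group("image") if m else None


def flag_image(image: Optional[str]) -> List[str]:
    """Heuristic review prompts (assumed names): not a verdict, just what to verify first."""
    flags: List[str] = []
    if image is None:
        return flags
    if not ABSOLUTE_RE.match(image):
        flags.append("bare-name")   # which file actually runs depends on the search path
    if re.search(r'\\temp\\', image, re.IGNORECASE):
        flags.append("temp-path")   # persistent code living in a temp directory; confirm it is expected
    return flags


def parse_line(line: str) -> Optional[AutostartEntry]:
    """Parse one O4 Run-key line or one O23 service line; other entry types return None."""
    line = line.rstrip()
    m = O4_RUN_RE.match(line)
    if m:
        image = extract_image(m.group("cmd"))
        return AutostartEntry("O4", m.group("name"), image, flag_image(image))
    if line.startswith(O23_PREFIX):
        rest = line[len(O23_PREFIX):]
        # Display name may itself contain " - "; vendor and path are the last two fields.
        parts = rest.rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        display, _vendor, path = parts
        return AutostartEntry("O23", display, path, flag_image(path))
    return None


def triage(log_text: str) -> List[AutostartEntry]:
    """All O4 Run / O23 entries found in the log text, in order."""
    return [e for e in (parse_line(raw) for raw in log_text.splitlines()) if e is not None]


def flagged(log_text: str) -> List[AutostartEntry]:
    """Only the entries that carry at least one review flag."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.kind:<4} {e.name[:40]:<40} {e.image}  [{', '.join(e.flags)}]")
```

A flag is a prompt to verify, not a finding: on the sample lines the flagged entries all carry recognised vendor names, so the follow-up is to confirm that the file at that location is the one the vendor ships (file properties, digital signature, hash) rather than to remove it. O2 BHO and O16 DPF lines can be added with the same split-on-" - " approach.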

#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE

Posted 14 June 2009 - 07:13 AM

Hi,

I will handle your log. As I am in training, all my answers have to be approved by my Coaches.
I hope you understand.

I'll get back to you as soon as possible.

#3 KINNEY0201

KINNEY0201
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE

Posted 14 June 2009 - 08:31 AM

Thank you very much. I look forward to hearing from you!

Thanks again.

#4 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE

Posted 14 June 2009 - 08:31 AM

Hi,

1.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt.
2. Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

#5 KINNEY0201

KINNEY0201
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 15 June 2009 - 05:16 AM

Here you go. Just a note: after running the scans, I now have a black screen on the desktop with red letters that say, "WARNING
YOUR’RE IN DANGER! YOUR COMPUTER IS INFECTED WITH SPYWARE!

ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK.
WHEN YOU VISIT SITES, SEND E-MAILS… ALL YOUR ACTIONS ARE
LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDART TOOLS.
YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES

FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.
Every sit you or somebody or even something, like spyware, opened in your browsers,
with all images, and all downloaded and maybe later removed movies or mp3 songs -
ARE STILL THERE and could break your life!

SECURE YOURSELF RIGHT NOW!
REMOVE ALL SPYWARE FROM YOUR PC!”


Here are the logs that you requested:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-06-14 20:59:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 200 GB (85%) free of 234 GB
Total RAM: 2037 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:09 PM, on 6/14/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\DVD PROGRAMS\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\common files\aol\1236233593\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1236233593\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\DVD PROGRAMS\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5064
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5064
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5064
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TP&M=GT5064
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://clienturls.aol.com/safety/us/securi...ion_asp2retired
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\DVD PROGRAMS\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0014661244933473) (0014661244933473mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\Owner\LOCALS~1\Temp\001466~1.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10543 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2009-03-25 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\windows\system32\BAE.dll [2006-02-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-06 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-06 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2007-01-21 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2007-01-21 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2007-01-21 114688]
"HostManager"=C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe [2006-03-10 48280]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-08-27 139264]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-10-12 139264]
"SigmatelSysTrayApp"=sttray.exe []
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2005-10-27 8740864]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-15 86016]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-06 148888]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-03-25 645328]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-06-13 1217784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]
"AOL Fast Start"=C:\Program Files\America Online 9.0\AOL.EXE [2005-07-25 50776]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\DVD PROGRAMS\WZQKPICK.EXE

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1236233593\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1236233593\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f4b4b70-0990-11de-964f-00038a000015}]
shell\AutoRun\command - K:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-06-14 20:59:07 ----D---- C:\rsit
2009-06-13 18:50:56 ----D---- C:\Program Files\Common Files\McAfee
2009-06-13 18:50:55 ----D---- C:\Program Files\McAfee.com
2009-06-13 18:49:01 ----D---- C:\WINDOWS\LastGood
2009-06-13 18:37:38 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-06-13 18:37:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-13 18:30:48 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-13 18:08:41 ----D---- C:\Documents and Settings\Owner\Application Data\URSoft
2009-06-13 18:08:40 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-06 10:06:40 ----D---- C:\Documents and Settings\Owner\Application Data\LimeWire
2009-05-19 06:29:24 ----D---- C:\Documents and Settings\Owner\Application Data\Apple Computer
2009-05-19 06:29:17 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-05-19 06:29:03 ----D---- C:\Program Files\iPod
2009-05-19 06:28:59 ----D---- C:\Program Files\iTunes
2009-05-19 06:28:59 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 06:28:47 ----D---- C:\Program Files\Bonjour
2009-05-19 06:28:13 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-05-19 06:27:56 ----D---- C:\Program Files\Apple Software Update
2009-05-19 06:27:35 ----D---- C:\Program Files\Common Files\Apple
2009-05-19 06:27:35 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-05-18 06:34:13 ----D---- C:\Documents and Settings\All Users\Application Data\Wide Angle Software

======List of files/folders modified in the last 1 months======

2009-06-14 20:59:08 ----D---- C:\DVD PROGRAMS
2009-06-14 19:24:44 ----D---- C:\WINDOWS\Temp
2009-06-14 18:28:08 ----D---- C:\WINDOWS\Prefetch
2009-06-14 10:03:40 ----A---- C:\WINDOWS\win.ini
2009-06-13 19:00:33 ----SHD---- C:\WINDOWS\Installer
2009-06-13 18:54:40 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-06-13 18:54:38 ----D---- C:\WINDOWS\system32
2009-06-13 18:53:15 ----D---- C:\WINDOWS
2009-06-13 18:53:10 ----HD---- C:\WINDOWS\inf
2009-06-13 18:53:04 ----D---- C:\Program Files\McAfee
2009-06-13 18:51:33 ----D---- C:\WINDOWS\system32\drivers
2009-06-13 18:51:06 ----SD---- C:\WINDOWS\Tasks
2009-06-13 18:50:56 ----D---- C:\Program Files\Common Files
2009-06-13 18:50:55 ----RD---- C:\Program Files
2009-06-13 18:50:55 ----D---- C:\mcafee_mcpr
2009-06-13 18:49:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-13 18:48:53 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2009-06-13 18:48:48 ----D---- C:\WINDOWS\Registration
2009-06-13 18:48:27 ----D---- C:\Program Files\Steam
2009-06-13 18:48:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-13 18:32:50 ----SHD---- C:\RECYCLER
2009-06-13 17:08:23 ----D---- C:\WINDOWS\system32\config
2009-06-13 17:08:08 ----D---- C:\WINDOWS\system32\wbem
2009-06-13 17:07:58 ----D---- C:\WINDOWS\security
2009-06-13 17:07:17 ----D---- C:\WINDOWS\system32\Restore
2009-06-12 06:25:17 ----D---- C:\DVDS
2009-06-09 19:14:38 ----D---- C:\Documents and Settings\Owner\Application Data\Ahead
2009-06-05 06:40:23 ----D---- C:\Documents and Settings\Owner\Application Data\U3
2009-06-03 16:39:52 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-01 06:08:40 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-19 06:29:17 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-19 06:28:31 ----D---- C:\Program Files\QuickTime
2009-05-18 06:40:48 ----D---- C:\WINDOWS\WinSxS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-11-10 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-11-10 24832]
R1 ELhid;ELhid; C:\WINDOWS\System32\DRIVERS\ELhid.sys [2005-10-12 6400]
R1 ELkbd;ELkbd; C:\WINDOWS\System32\DRIVERS\ELkbd.sys [2005-10-12 6912]
R1 ELmon;ELmon; C:\WINDOWS\System32\DRIVERS\ELmon.sys [2005-10-12 7040]
R1 ELmou;ELmou; C:\WINDOWS\System32\DRIVERS\ELmou.sys [2005-10-12 6400]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-06-13 162816]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2005-10-12 7552]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-01-24 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-01-24 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-01-24 21568]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-03-17 221440]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 PAC7302;PAC7302 VGA USB Camera; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-09-26 41728]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-09-27 1021832]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-03 42496]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-08-06 235520]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 ELService;Intel® Quick Resume Technology Drivers; C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe [2007-01-22 172032]
R2 IAANTMon;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-10-12 86140]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-06 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-03-25 797864]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2009-03-05 172032]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S2 0014661244933473mcinstcleanup;McAfee Application Installer Cleanup (0014661244933473); C:\DOCUME~1\Owner\LOCALS~1\Temp\001466~1.EXE [2008-10-23 315264]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-01-09 68112]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-15 06:00:20
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA1E274EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA1E27581]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA1E27498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xA1E274AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA1E27595]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA1E275C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xA1E27634]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xA1E27619]
Code 895D7098 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA1E2752A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xA1E2765E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA1E2756D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xA1E27470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xA1E27484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA1E274FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xA1E2769A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xA1E27603]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xA1E275ED]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA1E275AB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xA1E27686]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xA1E27672]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xA1E274D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xA1E274C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA1E275D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA1E27559]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xA1E27648]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA1E27540]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA1E27514]
Code 895E8356 IofCallDriver
Code 8963CA9E IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EEF9C 5 Bytes JMP 895E835B
.text ntkrnlpa.exe!IofCompleteRequest 804EF02C 5 Bytes JMP 8963CAA3
.text ntkrnlpa.exe!ZwYieldExecution 80503EF8 7 Bytes JMP A1E27518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80577E64 5 Bytes JMP A1E274EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B09D2 7 Bytes JMP A1E2752E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B17E0 5 Bytes JMP A1E27544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B51D2 5 Bytes JMP 895D709C
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6DA6 7 Bytes JMP A1E27502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C9C80 5 Bytes JMP A1E27474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C9F0C 5 Bytes JMP A1E27488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CC6CA 5 Bytes JMP A1E274C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF9A0 7 Bytes JMP A1E274B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805CFA56 5 Bytes JMP A1E2749C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805CFF78 5 Bytes JMP A1E274DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D11A8 5 Bytes JMP A1E2755D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 80620158 7 Bytes JMP A1E275F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 806204A6 5 Bytes JMP A1E27676 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 8062075E 7 Bytes JMP A1E275DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80620A26 7 Bytes JMP A1E2764C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8062126C 7 Bytes JMP A1E27607 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 80621AC4 3 Bytes JMP A1E275AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey + 4 80621AC8 3 Bytes [21, 90, 90]
PAGE ntkrnlpa.exe!ZwCreateKey 8062209E 5 Bytes JMP A1E27585 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 8062252E 7 Bytes JMP A1E27599 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 806226FE 7 Bytes JMP A1E275C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 806228DE 5 Bytes JMP A1E27638 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80622B48 3 Bytes JMP A1E2761D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey + 4 80622B4C 3 Bytes [21, 90, 90]
PAGE ntkrnlpa.exe!ZwOpenKey 80623434 5 Bytes JMP A1E27571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80623758 7 Bytes JMP A1E2769E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 80623C7E 5 Bytes JMP A1E2768A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80623D98 5 Bytes JMP A1E27662 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[196] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[272] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D000A
.text C:\Program Files\QuickTime\QTTask.exe[288] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C000A
.text C:\Program Files\McAfee.com\Agent\mcagent.exe[344] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D000A
.text C:\WINDOWS\system32\ctfmon.exe[356] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 088E000A
.text ...
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F50000
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F50F94
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F50089
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F50FA5
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F50FB6
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F50051
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F50F5E
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F50F6F
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F500E3
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F500C8
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00F50F2F
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00F50062
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00F5001B
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00F5009A
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00F50FE5
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00F5002C
.text C:\Program Files\Messenger\msmsgs.exe[360] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00F500B7
.text C:\Program Files\Messenger\msmsgs.exe[360] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F30049
.text C:\Program Files\Messenger\msmsgs.exe[360] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F30038
.text C:\Program Files\Messenger\msmsgs.exe[360] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F3000C
.text C:\Program Files\Messenger\msmsgs.exe[360] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F30FEF
.text C:\Program Files\Messenger\msmsgs.exe[360] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F30027
.text C:\Program Files\Messenger\msmsgs.exe[360] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F30FD2
.text C:\Program Files\Messenger\msmsgs.exe[360] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F40022
.text C:\Program Files\Messenger\msmsgs.exe[360] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F40062
.text C:\Program Files\Messenger\msmsgs.exe[360] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F40FD1
.text C:\Program Files\Messenger\msmsgs.exe[360] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F40011
.text C:\Program Files\Messenger\msmsgs.exe[360] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F40FAF
.text C:\Program Files\Messenger\msmsgs.exe[360] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F40FC0
.text C:\Program Files\Messenger\msmsgs.exe[360] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F40000
.text C:\Program Files\Messenger\msmsgs.exe[360] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F4003D
.text C:\Program Files\Messenger\msmsgs.exe[360] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F1000A
.text C:\Program Files\Messenger\msmsgs.exe[360] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 00F2000A
.text C:\Program Files\Messenger\msmsgs.exe[360] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 00F20FEF
.text C:\Program Files\Messenger\msmsgs.exe[360] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 00F20FD4
.text C:\Program Files\Messenger\msmsgs.exe[360] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 00F20031
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[376] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003E000A
.text C:\Program Files\America Online 9.0\waol.exe[432] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C000A
.text C:\DVD PROGRAMS\WZQKPICK.EXE[556] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C000A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[584] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0091000A
.text c:\program files\common files\aol\1236233593\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe[736] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0891000A
.text ...
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B80093
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B80082
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B80FA8
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B8005B
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B80040
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B800DC
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B800CB
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B80F43
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B80F5E
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00B80F32
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00B80FB9
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00B800AE
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00B80025
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00B80FD4
.text C:\WINDOWS\system32\services.exe[800] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00B80F79
.text C:\WINDOWS\system32\services.exe[800] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00060078
.text C:\WINDOWS\system32\services.exe[800] msvcrt.dll!system 77C293C7 5 Bytes JMP 0006005D
.text C:\WINDOWS\system32\services.exe[800] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0006001D
.text C:\WINDOWS\system32\services.exe[800] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00060000
.text C:\WINDOWS\system32\services.exe[800] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00060038
.text C:\WINDOWS\system32\services.exe[800] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00060FE3
.text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0007002C
.text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00070047
.text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0007001B
.text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00070FE5
.text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00070F8A
.text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00070FA5
.text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0007000A
.text C:\WINDOWS\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00070FC0
.text C:\WINDOWS\system32\services.exe[800] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 0005000A
.text C:\WINDOWS\system32\services.exe[800] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[800] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 00050025
.text C:\WINDOWS\system32\services.exe[800] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 00050040
.text C:\WINDOWS\system32\services.exe[800] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0112000A
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01120F94
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01120FAF
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01120FC0
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0112007D
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01120047
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 011200C9
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01120F83
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 011200F5
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01120F52
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 01120106
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 01120058
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01120FEF
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 011200A4
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 01120036
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 01120025
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!WinExec 7C86114D 3 Bytes JMP 011200DA
.text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!WinExec + 4 7C861151 1 Byte [84]
.text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01100F9E
.text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01100036
.text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01100FB9
.text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01100FD4
.text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01100F79
.text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0110001B
.text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01100FE5
.text C:\WINDOWS\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0110000A
.text C:\WINDOWS\system32\lsass.exe[812] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 010F002C
.text C:\WINDOWS\system32\lsass.exe[812] msvcrt.dll!system 77C293C7 5 Bytes JMP 010F0FA1
.text C:\WINDOWS\system32\lsass.exe[812] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 010F0FCD
.text C:\WINDOWS\system32\lsass.exe[812] msvcrt.dll!_open 77C2F566 5 Bytes JMP 010F0000
.text C:\WINDOWS\system32\lsass.exe[812] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 010F0FBC
.text C:\WINDOWS\system32\lsass.exe[812] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 010F0011
.text C:\WINDOWS\system32\lsass.exe[812] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 010D0000
.text C:\WINDOWS\system32\lsass.exe[812] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 010E0FEF
.text C:\WINDOWS\system32\lsass.exe[812] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 010E0000
.text C:\WINDOWS\system32\lsass.exe[812] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 010E0FC8
.text C:\WINDOWS\system32\lsass.exe[812] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 010E0FB7
.text c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003B000A
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FD0F66
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FD005B
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FD004A
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FD002F
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FD0FB2
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FD0080
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FD0F3A
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FD0F13
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FD00AC
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00FD0F02
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00FD0F97
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00FD0014
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00FD0F55
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00FD0FC3
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00FD0FDE
.text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00FD0091
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F40FCA
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F40F83
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F40011
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F40FDB
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F40F9E
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F40040
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F40FB9
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F30044
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F30033
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F30FD4
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F30FEF
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F30FC3
.text C:\WINDOWS\system32\svchost.exe[976] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F3000C
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 00F2000A
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 00F20FEF
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 00F2001B
.text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 00F20038
.text C:\WINDOWS\system32\svchost.exe[976] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00F10FEF
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00E40F79
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00E4006E
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00E40F8A
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00E40047
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00E40FC0
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00E40F41
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00E40F5E
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00E400D0
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00E400BF
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00E400F5
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00E40FA5
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00E40011
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00E4007F
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00E4002C
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00E400A4
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00E3002F
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00E30FAF
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00E30014
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00E3006C
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00E3005B
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00E30040
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E2006E
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E20FD9
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E20038
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E20000
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E20053
.text C:\WINDOWS\system32\svchost.exe[1052] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E2001D
.text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 00E10FCA
.text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 00E10FE5
.text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 00E10FB9
.text C:\WINDOWS\system32\svchost.exe[1052] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 00E10F9C
.text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00E0000A
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 031B000A
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 031B0F68
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 031B0F79
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 031B0F8A
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 031B0FA5
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 031B0036
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 031B009F
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 031B0F57
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 031B0F32
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 031B00CB
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 031B0F21
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 031B0047
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 031B0FEF
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 031B0078
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 031B0FCA
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 031B0025
.text C:\WINDOWS\System32\svchost.exe[1152] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 031B00BA
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 031A0FCA
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 031A0F97
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 031A0011
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 031A0FDB
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 031A004A
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 031A0FA8
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 031A0000
.text C:\WINDOWS\System32\svchost.exe[1152] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 031A0FB9
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02CD0FB2
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!system 77C293C7 5 Bytes JMP 02CD003D
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02CD0FDE
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02CD000C
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02CD0FCD
.text C:\WINDOWS\System32\svchost.exe[1152] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02CD0FEF
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 02CC0FE5
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 02CC0000
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 02CC0FC8
.text C:\WINDOWS\System32\svchost.exe[1152] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 02CC0025
.text C:\WINDOWS\System32\svchost.exe[1152] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02800FEF
.text C:\Documents and Settings\Owner\Desktop\mhnd02wd.exe[1216] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 009C000A
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A30000
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A30F68
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A30F83
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A3005D
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A30F94
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A30FAF
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A30F4B
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A30093
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A300D0
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A300BF
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00A30F1C
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00A30036
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A30011
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00A30078
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00A30FC0
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00A30FDB
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00A300A4
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A20011
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A20F8A
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A20FC0
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A20F9B
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A20033
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A20FE5
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A20022
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A10F8D
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A10FA8
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A10FDE
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A10FC3
.text C:\WINDOWS\system32\svchost.exe[1236] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A10018
.text C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 00A0001B
.text C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 00A00FE5
.text C:\WINDOWS\system32\svchost.exe[1236] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 00A0002C
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1436] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00890FEF
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0089007B
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00890060
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00890F86
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00890039
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00890FA8
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00890F53
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00890F64
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00890F1D
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00890F2E
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 008900D1
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00890F97
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 0089000A
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00890F75
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00890FB9
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00890FD4
.text C:\WINDOWS\system32\svchost.exe[1436] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 008900B6
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0088003D
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00880069
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0088002C
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0088001B
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00880FAC
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00880058
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00880000
.text C:\WINDOWS\system32\svchost.exe[1436] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00880FD1
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00870F81
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!system 77C293C7 5 Bytes JMP 00870F9C
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00870FB7
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00870FEF
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0087000C
.text C:\WINDOWS\system32\svchost.exe[1436] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00870FD2
.text C:\WINDOWS\system32\svchost.exe[1436] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 0086000A
.text C:\WINDOWS\system32\svchost.exe[1436] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 00860FEF
.text C:\WINDOWS\system32\svchost.exe[1436] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 0086001B
.text C:\WINDOWS\system32\svchost.exe[1436] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 00860FC8
.text C:\WINDOWS\system32\svchost.exe[1436] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00960000
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[1464] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0073000A
.text C:\WINDOWS\Explorer.EXE[1612] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00A0000A
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 015D0FEF
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 015D0091
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 015D0080
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 015D0065
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 015D0FA8
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 015D0FB9
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 015D00E4
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 015D00C9
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 015D0F4B
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 015D0F66
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 015D00FF
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 015D0040
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 015D000A
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 015D00AC
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 015D002F
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 015D0FD4
.text C:\WINDOWS\Explorer.EXE[1612] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 015D0F77
.text C:\WINDOWS\Explorer.EXE[1612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 014F0FB6
.text C:\WINDOWS\Explorer.EXE[1612] msvcrt.dll!system 77C293C7 5 Bytes JMP 014F004B
.text C:\WINDOWS\Explorer.EXE[1612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 014F0FE5
.text C:\WINDOWS\Explorer.EXE[1612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 014F0000
.text C:\WINDOWS\Explorer.EXE[1612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 014F003A
.text C:\WINDOWS\Explorer.EXE[1612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 014F0029
.text C:\WINDOWS\Explorer.EXE[1612] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 015C0FD1
.text C:\WINDOWS\Explorer.EXE[1612] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 015C0F9B
.text C:\WINDOWS\Explorer.EXE[1612] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 015C0022
.text C:\WINDOWS\Explorer.EXE[1612] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 015C0011
.text C:\WINDOWS\Explorer.EXE[1612] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 015C0058
.text C:\WINDOWS\Explorer.EXE[1612] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 015C0047
.text C:\WINDOWS\Explorer.EXE[1612] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 015C0000
.text C:\WINDOWS\Explorer.EXE[1612] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 015C0FC0
.text C:\WINDOWS\Explorer.EXE[1612] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 014E0FEF
.text C:\WINDOWS\Explorer.EXE[1612] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 014E000A
.text C:\WINDOWS\Explorer.EXE[1612] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 014E0FDE
.text C:\WINDOWS\Explorer.EXE[1612] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 014E0FC1
.text C:\WINDOWS\Explorer.EXE[1612] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00E90FEF
.text C:\WINDOWS\eHome\ehRecvr.exe[1636] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 005F000A
.text C:\WINDOWS\ehome\ehtray.exe[1828] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D000A
.text C:\WINDOWS\system32\igfxtray.exe[1836] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003D000A
.text C:\WINDOWS\system32\hkcmd.exe[1848] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003B000A
.text C:\WINDOWS\system32\igfxpers.exe[1856] ntdll.dll!LdrLoadDll 7C9161CA 3 Bytes JMP 0892000A
.text ...
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2772] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2772] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\America Online 9.0\shellmon.exe[2820] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003C000A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2860] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003E000A
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[3148] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B30000
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B30F7E
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B30F99
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B30073
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B30062
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B30047
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B30F46
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B30F6D
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B30F24
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B300B3
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00B300CE
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00B30FC0
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00B30011
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00B30098
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00B30FDB
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00B3002C
.text C:\WINDOWS\system32\svchost.exe[3244] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00B30F35
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B20FCA
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B20F5E
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B2001B
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B20FE5
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B20F79
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B20F8A
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B20000
.text C:\WINDOWS\system32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B20FA5
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B10027
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B10F92
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B10FC8
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B10FAD
.text C:\WINDOWS\system32\svchost.exe[3244] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B1000C
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 00B00FEF
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 00B00027
.text C:\WINDOWS\system32\svchost.exe[3244] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 00B00FD4
.text C:\WINDOWS\system32\svchost.exe[3244] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00650FEF
.text C:\WINDOWS\eHome\ehmsas.exe[3296] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0084000A
.text C:\WINDOWS\system32\svchost.exe[3396] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B60000
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B60F7C
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B60071
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B60F97
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B60FA8
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B6004A
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B600A9
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B60F61
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B60F32
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B600D5
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00B600F0
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00B60FC3
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00B60FEF
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00B6008C
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00B60025
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00B60FD4
.text C:\WINDOWS\system32\svchost.exe[3396] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00B600BA
.text C:\WINDOWS\system32\svchost.exe[3396] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B50047
.text C:\WINDOWS\system32\svchost.exe[3396] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B50FA5
.text C:\WINDOWS\system32\svchost.exe[3396] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B5002C
.text C:\WINDOWS\system32\svchost.exe[3396] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00B5001B
.text C:\WINDOWS\system32\svchost.exe[3396] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B50FC0
.text C:\WINDOWS\system32\svchost.exe[3396] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B50FD1
.text C:\WINDOWS\system32\svchost.exe[3396] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B50000
.text C:\WINDOWS\system32\svchost.exe[3396] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B50058
.text C:\WINDOWS\system32\svchost.exe[3396] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B40F7A
.text C:\WINDOWS\system32\svchost.exe[3396] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B40F8B
.text C:\WINDOWS\system32\svchost.exe[3396] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B40FB7
.text C:\WINDOWS\system32\svchost.exe[3396] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[3396] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B40FA6
.text C:\WINDOWS\system32\svchost.exe[3396] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B40FD2
.text C:\WINDOWS\system32\svchost.exe[3396] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 00B30FD4
.text C:\WINDOWS\system32\svchost.exe[3396] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 00B30FEF
.text C:\WINDOWS\system32\svchost.exe[3396] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 00B30FC3
.text C:\WINDOWS\system32\svchost.exe[3396] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 00B30016
.text C:\WINDOWS\system32\wdfmgr.exe[3572] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 005B000A
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[3624] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 003F000A
.text C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe[3644] ntdll.dll!LdrLoadDll 7C9161CA 3 Bytes JMP 0092000A
.text C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe[3644] ntdll.dll!LdrLoadDll + 4 7C9161CE 1 Byte [84]
.text C:\Program Files\iPod\bin\iPodService.exe[3916] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0073000A
.text ...
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FE5
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B0F4B
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F66
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0040
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0F83
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0FAF
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F02
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F1F
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0EDD
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0076
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 001B0ECC
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 001B0F9E
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 001B0000
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 001B0F30
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 001B0FC0
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 001B0011
.text C:\WINDOWS\system32\dllhost.exe[4032] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 001B005B
.text C:\WINDOWS\system32\dllhost.exe[4032] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00290F95
.text C:\WINDOWS\system32\dllhost.exe[4032] msvcrt.dll!system 77C293C7 5 Bytes JMP 00290020
.text C:\WINDOWS\system32\dllhost.exe[4032] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00290FC1
.text C:\WINDOWS\system32\dllhost.exe[4032] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\dllhost.exe[4032] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00290FA6
.text C:\WINDOWS\system32\dllhost.exe[4032] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00290FD2
.text C:\WINDOWS\system32\dllhost.exe[4032] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 002A0040
.text C:\WINDOWS\system32\dllhost.exe[4032] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 002A0FA8
.text C:\WINDOWS\system32\dllhost.exe[4032] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 002A0025
.text C:\WINDOWS\system32\dllhost.exe[4032] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 002A0FEF
.text C:\WINDOWS\system32\dllhost.exe[4032] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 002A0FB9
.text C:\WINDOWS\system32\dllhost.exe[4032] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 002A0065
.text C:\WINDOWS\system32\dllhost.exe[4032] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 002A000A
.text C:\WINDOWS\system32\dllhost.exe[4032] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 002A0FD4
.text C:\WINDOWS\system32\dllhost.exe[4032] WININET.dll!InternetOpenW 771BAF65 5 Bytes JMP 00680FEF
.text C:\WINDOWS\system32\dllhost.exe[4032] WININET.dll!InternetOpenA 771C58EA 5 Bytes JMP 00680000
.text C:\WINDOWS\system32\dllhost.exe[4032] WININET.dll!InternetOpenUrlA 771C5B9D 5 Bytes JMP 0068001B
.text C:\WINDOWS\system32\dllhost.exe[4032] WININET.dll!InternetOpenUrlW 771D5B82 5 Bytes JMP 00680042
.text C:\WINDOWS\system32\dllhost.exe[4032] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00720FEF

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [08CE85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\America Online 9.0\waol.exe[432] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08CE869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [08B185EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT c:\program files\common files\aol\1236233593\ee\aolsoftware.exe[932] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08B1869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [089B869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1312] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [089B85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [08AC85EE] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)
IAT C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe[1880] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [08AC869C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/America Online, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 ELkbd.sys (Intel Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\SKYNETmtbqmdkr.sys (*** hidden *** ) [SYSTEM] SKYNETabiuiyxv <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv@imagepath \systemroot\system32\drivers\SKYNETmtbqmdkr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\main@aid 10096
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETmtbqmdkr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\modules@SKYNETcmd.dll \systemroot\system32\SKYNETiqplhyuj.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\modules@SKYNETlog.dat \systemroot\system32\SKYNETntholwpl.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\modules@SKYNETwsp.dll \systemroot\system32\SKYNETeaoluqvp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\modules@SKYNET.dat \systemroot\system32\SKYNETapskornd.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv@imagepath \systemroot\system32\drivers\SKYNETmtbqmdkr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\main
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\main@aid 10096
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\modules
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETmtbqmdkr.sys
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\modules@SKYNETcmd.dll \systemroot\system32\SKYNETiqplhyuj.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\modules@SKYNETlog.dat \systemroot\system32\SKYNETntholwpl.dat
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\modules@SKYNETwsp.dll \systemroot\system32\SKYNETeaoluqvp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\SKYNETabiuiyxv\modules@SKYNET.dat \systemroot\system32\SKYNETapskornd.dat

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\SKYNETmtbqmdkr.sys 69632 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\SKYNETeaoluqvp.dll 20992 bytes executable
File C:\WINDOWS\system32\SKYNETiqplhyuj.dll 44544 bytes executable
File C:\WINDOWS\system32\SKYNETntholwpl.dat 26930 bytes
File C:\WINDOWS\Temp\SKYNETilsfnqjxip.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETaporqqeegy.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETcvabweyswr.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETdpewldmbcj.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETebvxithnti.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETjxcrujuben.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETmklvriloym.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETneedbvkgas.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETpwpprpelof.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETqcvrhkpqeq.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETqyevnofvse.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETsdqdnrquwt.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETsiycjjypwb.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtbvtnvmewk.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETucoiowbxip.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETvnsidwqipy.tmp 20992 bytes executable

---- EOF - GMER 1.0.15 ----

#6 KINNEY0201
  • Topic Starter
  • Members
  • 9 posts

Posted 15 June 2009 - 06:57 PM

Has anyone found a solution for me yet? I really need to get this thing cleaned up, it's driving me crazy!

Thanks for your help!

#7 Guest_superbird_*
  • Guests

Posted 16 June 2009 - 12:33 AM

Hi,

Download ComboFix from one of these locations:
Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply, together with a new HijackThis log.

#8 KINNEY0201
  • Topic Starter
  • Members
  • 9 posts

Posted 16 June 2009 - 05:55 AM

Here you go!

ComboFix 09-06-15.06 - Owner 06/16/2009 6:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1558 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETmtbqmdkr.sys
c:\windows\system32\SKYNETapskornd.dat
c:\windows\system32\SKYNETeaoluqvp.dll
c:\windows\system32\SKYNETiqplhyuj.dll
c:\windows\system32\SKYNETntholwpl.dat
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETabiuiyxv


((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-16 00:13 . 2009-06-16 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-15 09:41 . 2009-06-15 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\11270934
2009-06-15 09:41 . 2009-06-15 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\91280926
2009-06-15 00:59 . 2009-06-15 00:59 -------- d-----w- C:\rsit
2009-06-13 22:51 . 2009-03-25 15:06 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-06-13 22:51 . 2009-03-25 15:06 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-06-13 22:51 . 2009-03-25 15:06 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-06-13 22:51 . 2008-10-23 17:08 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-06-13 22:50 . 2009-06-13 22:51 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-13 22:50 . 2009-06-13 22:51 -------- d-----w- c:\program files\McAfee.com
2009-06-13 22:49 . 2009-03-25 15:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-06-13 22:37 . 2009-06-13 22:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-13 22:37 . 2009-02-11 14:19 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-13 22:37 . 2009-02-11 14:19 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-13 22:37 . 2009-06-13 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-13 22:08 . 2009-06-13 22:08 -------- d-----w- c:\documents and settings\Owner\Application Data\URSoft
2009-06-13 22:08 . 2009-06-13 22:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-13 21:08 . 2009-06-13 21:08 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-06 14:06 . 2009-06-13 23:02 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-05-21 02:50 . 2009-05-21 02:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-18 10:34 . 2009-05-18 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Wide Angle Software
2009-05-18 10:27 . 2009-05-18 10:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Wide Angle Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 23:52 . 2009-04-12 16:26 -------- d-----w- c:\program files\Steam
2009-06-15 01:26 . 2009-03-05 06:18 -------- d-----w- c:\program files\McAfee
2009-06-13 22:54 . 2009-03-05 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-13 22:31 . 2009-04-05 19:04 7912 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-09 23:14 . 2009-04-26 19:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahead
2009-06-05 10:40 . 2009-03-05 11:24 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-05-19 10:29 . 2009-05-19 10:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-05-19 10:29 . 2009-05-19 10:28 -------- d-----w- c:\program files\iTunes
2009-05-19 10:29 . 2009-05-19 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 10:29 . 2009-05-19 10:29 -------- d-----w- c:\program files\iPod
2009-05-19 10:29 . 2009-05-19 10:27 -------- d-----w- c:\program files\Common Files\Apple
2009-05-19 10:28 . 2009-05-19 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-19 10:28 . 2009-05-19 10:28 -------- d-----w- c:\program files\Bonjour
2009-05-19 10:28 . 2009-03-05 06:13 -------- d-----w- c:\program files\QuickTime
2009-05-19 10:27 . 2009-05-19 10:27 -------- d-----w- c:\program files\Apple Software Update
2009-05-19 10:27 . 2009-05-19 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-06 20:52 . 2009-04-26 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-06 20:51 . 2009-05-06 20:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-06 20:51 . 2009-03-05 06:11 -------- d-----w- c:\program files\Java
2009-05-06 20:51 . 2009-05-06 20:51 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-29 10:31 . 2009-04-29 10:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-04-29 10:29 . 2009-04-29 10:29 34062 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
2009-04-26 19:42 . 2009-04-26 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-04-26 19:41 . 2009-04-26 19:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-04-26 19:40 . 2009-04-26 19:40 -------- d-----w- c:\program files\Nero
2009-04-26 19:40 . 2009-04-26 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-04-12 01:31 . 2009-04-12 01:31 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-04-02 20:29 . 2009-04-02 20:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-29 19:58 . 2005-01-10 01:26 71616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-25 15:06 . 2009-03-25 15:06 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-19 20:32 . 2009-05-19 10:29 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
.

------- Sigcheck -------

[-] 2005-03-14 01:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[-] 2005-03-14 00:55 359808 0E66B538096A6529D1AC66E78EB0D5C8 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-13 1217784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-26 50776]
"SpybotSD TeaTimer"="c:\dvd programs\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-01-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-01-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-01-22 114688]
"HostManager"="c:\program files\Common Files\AOL\1236233593\ee\AOLSoftware.exe" [2006-03-10 48280]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-10-28 8740864]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-06 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\dvd programs\WZQKPICK.EXE [2008-9-10 525664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1236233593\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [4/12/2009 12:47 PM 457856]
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-03-08 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-12-12 19:00]

2009-03-16 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-12-12 19:00]

2009-03-21 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-12-12 19:00]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-13 14:53]

2009-06-13 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-13 14:53]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-11270934 - c:\documents and settings\All Users\Application Data\11270934\11270934.exe
HKLM-Run-SigmatelSysTrayApp - sttray.exe
SafeBoot-mfehidk
SafeBoot-mferkdk
SafeBoot-mfetdik
SafeBoot-mfetdik.sys


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5064
uInternet Connection Wizard,ShellNext = hxxp://clienturls.aol.com/safety/us/securitycenter/migration_asp2retired
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 06:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-16 6:48
ComboFix-quarantined-files.txt 2009-06-16 10:48

Pre-Run: 209,256,382,464 bytes free
Post-Run: 209,353,547,776 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

213 --- E O F --- 2009-03-06 12:00



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:54:41 AM, on 6/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\DVD PROGRAMS\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DVD PROGRAMS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5064
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://clienturls.aol.com/safety/us/securi...ion_asp2retired
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DVD PROGRAMS\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\DVD PROGRAMS\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\DVD PROGRAMS\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DVD PROGRAMS\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DVD PROGRAMS\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 8971 bytes
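
The two log formats in this thread (the GMER Services/Registry/Files sections posted earlier and the ComboFix Sigcheck section above) can be read mechanically, which is what a helper does by eye when linking a hidden service to the files its registry key loads and picking out system files that ComboFix marked [-]. The script below is an added example for this thread; it is not code from GMER, ComboFix or BleepingComputer. Its sample text is constructed from lines posted here, and it assumes C:\WINDOWS as the system root, which is what the posted paths show.

```python
r"""Pull rootkit indicators out of GMER and ComboFix log excerpts.

Added example for this thread, not code from GMER, ComboFix or BleepingComputer.
The sample text is constructed from lines posted in the thread; C:\WINDOWS as the
system root is an assumption taken from the same logs.
"""
import re
from dataclasses import dataclass, field

SYSTEMROOT = "C:\\WINDOWS"  # assumption: matches the paths in the posted logs

# Constructed sample in the shape of the GMER 1.0.15 Services/Registry/Files sections.
GMER_SAMPLE = r"""
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\SKYNETmtbqmdkr.sys (*** hidden *** ) [SYSTEM] SKYNETabiuiyxv <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv@imagepath \systemroot\system32\drivers\SKYNETmtbqmdkr.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\modules@SKYNETcmd.dll \systemroot\system32\SKYNETiqplhyuj.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETabiuiyxv\modules@SKYNETwsp.dll \systemroot\system32\SKYNETeaoluqvp.dll
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\SKYNETmtbqmdkr.sys 69632 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\SKYNETeaoluqvp.dll 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETilsfnqjxip.tmp 20992 bytes executable
"""
# Constructed sample in the shape of ComboFix's Sigcheck section.
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------
[-] 2005-03-14 00:55 359808 0E66B538096A6529D1AC66E78EB0D5C8 c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
"""

SERVICE_RE = re.compile(r"^Service\s+(?P<image>\S+)\s+\((?P<flags>[^)]*)\)\s+"
                        r"(?:\[[^\]]+\]\s+)?(?P<name>\S+)(?P<tail>.*)$")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes(?P<tail>.*)$")
SIGCHECK_RE = re.compile(r"^\[(?P<mark>[^\]]*)\]\s+\S+\s+\S+\s+(?P<size>\d+)\s+"
                         r"(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>.+)$")

@dataclass
class Report:
    hidden_services: dict = field(default_factory=dict)  # service name -> driver image path
    registry_paths: dict = field(default_factory=dict)   # service name -> file paths under its key
    rootkit_files: list = field(default_factory=list)    # File entries GMER itself tagged ROOTKIT
    unverified: list = field(default_factory=list)       # (path, md5) of Sigcheck entries marked [-]

def normalize(path: str) -> str:
    """Lower-case a path and expand the systemroot prefix GMER prints for registry data."""
    p = path.strip().lower()
    if p.startswith("\\systemroot\\"):
        p = SYSTEMROOT.lower() + p[len("\\systemroot"):]
    return p

def service_name_from_key(key: str):
    """Return <name> from a key of the form HKLM\\...\\Services\\<name>[\\subkey], else None."""
    parts = key.split("\\")
    lowered = [p.lower() for p in parts]
    if "services" in lowered and lowered.index("services") + 1 < len(parts):
        return parts[lowered.index("services") + 1]
    return None

def parse_gmer(text: str, report: Report) -> None:
    for line in text.splitlines():
        if m := SERVICE_RE.match(line):
            if "hidden" in m["flags"]:  # in the kernel's list, absent from the service API
                report.hidden_services[m["name"]] = normalize(m["image"])
        elif m := FILE_RE.match(line):
            if "ROOTKIT" in m["tail"]:
                report.rootkit_files.append(normalize(m["path"]))
        elif line.startswith("Reg "):
            key, _, data = line[4:].partition(" ")
            key, _, value = key.partition("@")
            name = service_name_from_key(key)
            if name and value and "\\" in data:  # path-valued entries only, not @start 1
                report.registry_paths.setdefault(name, set()).add(normalize(data))

def analyze(gmer_text: str, combofix_text: str) -> Report:
    report = Report()
    parse_gmer(gmer_text, report)
    for line in combofix_text.splitlines():
        m = SIGCHECK_RE.match(line)
        if m and m["mark"] == "-":
            report.unverified.append((normalize(m["path"]), m["md5"].upper()))
    return report

def untagged_service_files(report: Report) -> set:
    """Files loaded by a hidden service whose own File line GMER did not tag ROOTKIT."""
    linked = set()
    for name in report.hidden_services:
        linked |= report.registry_paths.get(name, set())
    return linked - set(report.rootkit_files)

if __name__ == "__main__":
    r = analyze(GMER_SAMPLE, SIGCHECK_SAMPLE)
    print("hidden services:", r.hidden_services)
    print("also loaded by them:", sorted(untagged_service_files(r)))
    print("sigcheck [-] entries:", r.unverified)
```

Run against the constructed sample it reports the one hidden service, the two DLLs its `modules` values point at (which GMER lists as plain files without the ROOTKIT tag), and the MD5 of each tcpip.sys copy that Sigcheck marked [-], so the hash can be compared with a known-good one or with a VirusTotal report without uploading the file.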

#9 Guest_superbird_*
  • Guests

Posted 16 June 2009 - 01:36 PM

Hi,

1. Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')

Then close all windows except HijackThis and click Fix Checked.

2. Open Notepad.
Copy the code below into the Notepad file.

Folder::
c:\documents and settings\All Users\Application Data\11270934
c:\documents and settings\All Users\Application Data\91280926

Save the text file as CFScript.txt

Now, drag the file CFScript.txt onto the file ComboFix.exe
ComboFix will start again.
When ComboFix is finished, this could be after a restart, a logfile will open.
Post the contents of that logfile in your next reply.

3. Go to Virustotal.com
Upload the following file by copying and pasting this path (so do not use "Browse"!): c:\windows\system32\drivers\tcpip.sys
Wait until the results appear, and post them in your next reply.


Also post a fresh HijackThis log.

#10 KINNEY0201

KINNEY0201
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:15 PM

Posted 16 June 2009 - 04:35 PM

Here are the logs that you requested. Thanks again.

ComboFix 09-06-16.01 - Owner 06/16/2009 17:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1558 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\11270934
c:\documents and settings\All Users\Application Data\91280926
c:\documents and settings\All Users\Application Data\11270934\11270934.glu
c:\documents and settings\All Users\Application Data\11270934\pc11270934cnf
c:\documents and settings\All Users\Application Data\11270934\pc11270934ins

.
((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.

2009-06-16 00:13 . 2009-06-16 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-15 00:59 . 2009-06-15 00:59 -------- d-----w- C:\rsit
2009-06-13 22:51 . 2009-03-25 15:06 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-06-13 22:51 . 2009-03-25 15:06 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-06-13 22:51 . 2009-03-25 15:06 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-06-13 22:51 . 2008-10-23 17:08 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-06-13 22:50 . 2009-06-13 22:51 -------- d-----w- c:\program files\Common Files\McAfee
2009-06-13 22:50 . 2009-06-13 22:51 -------- d-----w- c:\program files\McAfee.com
2009-06-13 22:49 . 2009-03-25 15:05 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-06-13 22:37 . 2009-06-13 22:37 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-13 22:37 . 2009-02-11 14:19 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-13 22:37 . 2009-02-11 14:19 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-13 22:37 . 2009-06-13 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-13 22:08 . 2009-06-13 22:08 -------- d-----w- c:\documents and settings\Owner\Application Data\URSoft
2009-06-13 22:08 . 2009-06-13 22:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-13 21:08 . 2009-06-13 21:08 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-06 14:06 . 2009-06-13 23:02 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-05-21 02:50 . 2009-05-21 02:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-05-18 10:34 . 2009-05-18 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Wide Angle Software
2009-05-18 10:27 . 2009-05-18 10:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Wide Angle Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 20:47 . 2009-04-12 16:26 -------- d-----w- c:\program files\Steam
2009-06-15 01:26 . 2009-03-05 06:18 -------- d-----w- c:\program files\McAfee
2009-06-13 22:54 . 2009-03-05 06:18 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-13 22:31 . 2009-04-05 19:04 7912 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-09 23:14 . 2009-04-26 19:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Ahead
2009-06-05 10:40 . 2009-03-05 11:24 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-05-19 10:29 . 2009-05-19 10:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2009-05-19 10:29 . 2009-05-19 10:28 -------- d-----w- c:\program files\iTunes
2009-05-19 10:29 . 2009-05-19 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-19 10:29 . 2009-05-19 10:29 -------- d-----w- c:\program files\iPod
2009-05-19 10:29 . 2009-05-19 10:27 -------- d-----w- c:\program files\Common Files\Apple
2009-05-19 10:28 . 2009-05-19 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-19 10:28 . 2009-05-19 10:28 -------- d-----w- c:\program files\Bonjour
2009-05-19 10:28 . 2009-03-05 06:13 -------- d-----w- c:\program files\QuickTime
2009-05-19 10:27 . 2009-05-19 10:27 -------- d-----w- c:\program files\Apple Software Update
2009-05-19 10:27 . 2009-05-19 10:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-06 20:52 . 2009-04-26 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-05-06 20:51 . 2009-05-06 20:52 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-06 20:51 . 2009-03-05 06:11 -------- d-----w- c:\program files\Java
2009-05-06 20:51 . 2009-05-06 20:51 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-29 10:31 . 2009-04-29 10:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-04-29 10:29 . 2009-04-29 10:29 34062 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
2009-04-26 19:42 . 2009-04-26 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-04-26 19:41 . 2009-04-26 19:40 -------- d-----w- c:\program files\Common Files\Ahead
2009-04-26 19:40 . 2009-04-26 19:40 -------- d-----w- c:\program files\Nero
2009-04-26 19:40 . 2009-04-26 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-04-12 01:31 . 2009-04-12 01:31 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-04-02 20:29 . 2009-04-02 20:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-29 19:58 . 2005-01-10 01:26 71616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-25 15:06 . 2009-03-25 15:06 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-03-19 20:32 . 2009-05-19 10:29 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
.

------- Sigcheck -------

[-] 2005-03-14 01:17 359936 6129E70F3D2F1E60860C930EBEAF92C2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2qfe\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3gdr\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp3qfe\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\tcpip.sys
[-] 2005-03-14 00:55 359808 0E66B538096A6529D1AC66E78EB0D5C8 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-16_10.47.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-16 20:45 . 2009-06-16 20:45 16384 c:\windows\Temp\Perflib_Perfdata_844.dat
+ 2005-01-10 01:17 . 2009-06-16 20:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-01-10 01:17 . 2009-06-16 08:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-01-10 01:17 . 2009-06-16 20:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-01-10 01:17 . 2009-06-16 08:52 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-26 22:08 . 2008-09-26 22:08 3204368 c:\windows\Downloaded Program Files\EPUWALcontrol.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Steam"="c:\program files\Steam\Steam.exe" [2009-06-13 1217784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-26 50776]
"SpybotSD TeaTimer"="c:\dvd programs\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-01-22 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-01-22 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-01-22 114688]
"HostManager"="c:\program files\Common Files\AOL\1236233593\ee\AOLSoftware.exe" [2006-03-10 48280]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-08-27 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2005-10-28 8740864]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-06 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\dvd programs\WZQKPICK.EXE [2008-9-10 525664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik.sys]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1236233593\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [4/12/2009 12:47 PM 457856]
.
Contents of the 'Scheduled Tasks' folder

2009-06-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-03-08 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-12-12 19:00]

2009-03-16 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-12-12 19:00]

2009-03-21 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-12-12 19:00]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-13 14:53]

2009-06-13 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-13 14:53]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5064
uInternet Connection Wizard,ShellNext = hxxp://clienturls.aol.com/safety/us/securitycenter/migration_asp2retired
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-16 17:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-16 17:32
ComboFix-quarantined-files.txt 2009-06-16 21:32
ComboFix2.txt 2009-06-16 10:48

Pre-Run: 209,337,573,376 bytes free
Post-Run: 209,332,269,056 bytes free

211 --- E O F --- 2009-03-06 12:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:38 PM, on 6/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\America Online 9.0\waol.exe
C:\DVD PROGRAMS\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\common files\aol\1236233593\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1236233593\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\DVD PROGRAMS\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\DVD PROGRAMS\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TP&M=GT5064
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://clienturls.aol.com/safety/us/securi...ion_asp2retired
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\DVD PROGRAMS\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236233593\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\DVD PROGRAMS\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\DVD PROGRAMS\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DVD PROGRAMS\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\DVD PROGRAMS\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 10092 bytes

#11 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE

Posted 17 June 2009 - 08:05 AM

Hi,

Please post also the log from Virustotal.com (step 3). :thumbup2:

#12 KINNEY0201

KINNEY0201
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE

Posted 17 June 2009 - 04:22 PM

Sorry. Here it is.

Antivirus Version Last Update Result
a-squared 4.5.0.18 2009.06.17 -
AhnLab-V3 5.0.0.2 2009.06.17 -
AntiVir 7.9.0.187 2009.06.17 -
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.17 -
Avast 4.8.1335.0 2009.06.17 -
AVG 8.5.0.339 2009.06.17 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
Comodo 1356 2009.06.17 -
DrWeb 5.0.0.12182 2009.06.17 -
eSafe 7.0.17.0 2009.06.17 -
eTrust-Vet 31.6.6566 2009.06.17 -
F-Prot 4.4.4.56 2009.06.17 -
F-Secure 8.0.14470.0 2009.06.17 -
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
Ikarus T3.1.1.59.0 2009.06.17 -
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.17 -
McAfee 5649 2009.06.17 -
McAfee+Artemis 5649 2009.06.17 -
McAfee-GW-Edition 6.7.6 2009.06.17 -
Microsoft 1.4701 2009.06.17 -
NOD32 4164 2009.06.17 -
Norman 6.01.09 2009.06.17 -
nProtect 2009.1.8.0 2009.06.17 -
Panda 10.0.0.14 2009.06.17 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.17 -
Rising 21.34.24.00 2009.06.17 -
Sophos 4.42.0 2009.06.17 -
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1792 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.17 -
Additional information
File size: 359808 bytes
MD5...: 0e66b538096a6529d1ac66e78eb0d5c8
SHA1..: 7f58d9a7f8fe3deb599ca716ed6178c8782e679c
SHA256: 2c9028b31d1d185365d17a810ec07da4717dc5e7a9cde7fee72abce01f7c863d
ssdeep: 6144:VNYTrUxoqBZ9pNYvT0OfWRD2debDtbatkqG+olFgo9noIbPCS2qZ/x1QFIaqT5A9:PYT8oqr9pBqsftbokQcFgo9noI2S/xEx

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x51416
timedatestamp.....: 0x4234e0e9 (Mon Mar 14 00:55:05 2005)
machinetype.......: 0x14c (I386)

( 10 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0x3eb66 0x3eb80 6.60 7f386fe33cf70a05e9c0d5418f4684e8
.rdata 0x3ef00 0x57c 0x580 4.44 f8867c8e31893710856b9c40f038ef84
.data 0x3f480 0xa4a4 0xa500 0.06 2996463b9cc940f7cfffa6e035cce970
PAGE 0x49980 0x1f2b 0x1f80 6.38 a4a4a47c61016b27245f915d13e319f2
PAGELK 0x4b900 0x6f2 0x700 6.21 3930c9d1f4287463cab323d61137820a
PAGEIPMc 0x4c000 0x2781 0x2800 6.43 11ba7469f3f5960b72eb74563c17bca2
.edata 0x4e800 0x341 0x380 5.20 96b16a854093d288e9c7e0cd3cc2672c
INIT 0x4eb80 0x5836 0x5880 6.21 9b1e002ac593876bc8fd65977b5e2115
.rsrc 0x54400 0x3f0 0x400 3.40 b5cd6cdddbc2fe06bcccb6c540d4b102
.reloc 0x54800 0x3560 0x3580 6.81 e39f8fd1a7445b253d8affdd5d778813

( 4 imports )
> HAL.dll: KfLowerIrql, KeRaiseIrqlToDpcLevel, KfReleaseSpinLock, KfAcquireSpinLock, KfRaiseIrql, KeGetCurrentIrql, KeQueryPerformanceCounter, ExAcquireFastMutex, ExReleaseFastMutex
> NDIS.SYS: NdisCloseAdapter, NdisCancelSendPackets, NdisFreePacket, NdisUnchainBufferAtFront, NdisCompletePnPEvent, NdisFreePacketPool, NdisRequest, NdisAllocatePacket, NdisFreeMemory, NdisQueryAdapterInstanceName, NdisGetDriverHandle, NdisOpenAdapter, NdisAllocatePacketPoolEx, NdisGetReceivedPacket, NdisRegisterProtocol, NdisAllocateBuffer, NdisSetPacketPoolProtocolId, NdisReturnPackets, NdisCopyBuffer, NdisAllocateBufferPool, NdisFreeBufferPool, NdisReEnumerateProtocolBindings, NdisCompleteBindAdapter
> ntoskrnl.exe: IoCreateDevice, _wcsicmp, wcscpy, wcsncpy, wcschr, ZwSetInformationThread, KeLeaveCriticalRegion, KeEnterCriticalRegion, KeQueryTimeIncrement, KeSetEvent, IoDeleteSymbolicLink, ExDeleteNPagedLookasideList, KeDelayExecutionThread, ZwOpenKey, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, ExInitializeNPagedLookasideList, MmLockPagableSectionByHandle, ZwQueryValueKey, ZwSetValueKey, InterlockedPopEntrySList, InterlockedPushEntrySList, ExIsProcessorFeaturePresent, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, RtlMapGenericMask, IoGetFileObjectGenericMapping, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ObGetObjectSecurity, IofCallDriver, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfDereferenceObject, RtlAddAce, RtlGetAce, IoCreateSymbolicLink, RtlInitializeSid, RtlLengthRequiredSid, ObSetSecurityObjectByPointer, RtlSelfRelativeToAbsoluteSD, RtlGetSaclSecurityDescriptor, RtlGetGroupSecurityDescriptor, RtlGetOwnerSecurityDescriptor, RtlGetDaclSecurityDescriptor, RtlVerifyVersionInfo, VerSetConditionMask, IoWMIRegistrationControl, IoGetCurrentProcess, KeInitializeTimerEx, RtlExtendedIntegerMultiply, KeQueryInterruptTime, _aulldiv, DbgBreakPoint, KeSetTargetProcessorDpc, RtlSetBit, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, ObDereferenceSecurityDescriptor, PsGetCurrentProcessId, RtlWalkFrameChain, _aulldvrm, ExNotifyCallback, ExCreateCallback, ObReferenceObjectByHandle, MmUnlockPages, SeFreePrivileges, SeAppendPrivileges, ObLogSecurityDescriptor, SeAssignSecurity, IoFileObjectType, MmProbeAndLockPages, IoAllocateMdl, _except_handler3, ProbeForWrite, ObfReferenceObject, PsGetCurrentProcess, RtlPrefetchMemoryNonTemporal, KeInitializeMutex, MmIsThisAnNtAsSystem, KeWaitForSingleObject, KeReleaseMutex, KeReadStateEvent, IoDeleteDevice, ZwEnumerateValueKey, RtlUnicodeStringToInteger, RtlIpv4StringToAddressW, 
RtlTimeToTimeFields, ExLocalTimeToSystemTime, RtlExtendedMagicDivide, RtlAppendUnicodeToString, ZwClose, _allmul, MmQuerySystemSize, RtlCompareUnicodeString, RtlInitializeBitMap, RtlClearAllBits, RtlSetBits, wcslen, RtlAreBitsSet, RtlClearBits, RtlFindClearBitsAndSet, RtlFindClearRuns, DbgPrint, memmove, RtlCopyUnicodeString, RtlAppendUnicodeStringToString, ZwLoadDriver, KeResetEvent, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, IofCompleteRequest, ExfInterlockedAddUlong, MmMapLockedPagesSpecifyCache, IoFreeMdl, ExfInterlockedInsertTailList, RtlInitUnicodeString, MmMapLockedPages, KeNumberProcessors, RtlUnicodeStringToAnsiString, MmLockPagableDataSection, MmUnlockPagableImageSection, RtlCompareMemory, ExAllocatePoolWithTag, KeCancelTimer, KeClearEvent, RtlAnsiStringToUnicodeString, IoRaiseInformationalHardError, KeInitializeEvent, ExFreePoolWithTag, ExAllocatePoolWithTagPriority, KeInitializeSpinLock, _alldiv, KeQuerySystemTime, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, KeBugCheckEx, RtlSubAuthoritySid, KeTickCount, MmBuildMdlForNonPagedPool, ZwDeviceIoControlFile, ZwCreateFile
> TDI.SYS: CTESystemUpTime, CTEBlock, CTELogEvent, CTESignal, CTEBlockWithTracker, CTEStartTimer, CTEInitEvent, CTEScheduleDelayedEvent, CTEInitTimer, TdiProviderReady, CTEInitialize, TdiDeregisterNetAddress, TdiRegisterNetAddress, TdiDeregisterDeviceObject, TdiRegisterDeviceObject, TdiDeregisterProvider, TdiRegisterProvider, TdiPnPPowerRequest, TdiCopyMdlChainToMdlChain, TdiInitialize, TdiDeregisterPnPHandlers, TdiRegisterPnPHandlers, CTEScheduleEvent, TdiCopyBufferToMdl, CTERemoveBlockTracker, CTEInsertBlockTracker, TdiMapUserRequest, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel

( 31 exports )
ARPRcv, ARPRcvPacket, FreeIprBuff, GetIFAndLink, IPAddInterface, IPAllocBuff, IPDelInterface, IPDelayedNdisReEnumerateBindings, IPDeregisterARP, IPDisableSniffer, IPEnableSniffer, IPFreeBuff, IPGetAddrType, IPGetBestInterface, IPGetInfo, IPInjectPkt, IPProxyNdisRequest, IPRcvComplete, IPRcvPacket, IPRegisterARP, IPRegisterProtocol, IPSetIPSecStatus, IPTransmit, LookupRoute, LookupRouteInformation, LookupRouteInformationWithBuffer, SendICMPErr, SetIPSecPtr, UnSetIPSecPtr, UnSetIPSecSendPtr, tcpxsum

PDFiD.: -
RDS...: NSRL Reference Data Set
-


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

#13 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE

Posted 18 June 2009 - 07:26 AM

Hi,

Which problems do you still have?

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:05:15 PM

Posted 26 June 2009 - 06:03 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here
