Solved Google redirect problem

Discussion in 'Malware and Virus Removal Archive' started by willc38, 2009/06/09.

  1. 2009/06/09
    willc38

    willc38 Inactive Thread Starter

    Joined:
    2009/06/09
    Messages:
    20
    Likes Received:
    0
    [Resolved] Google redirect problem

    When I do a Google search and click on the links that come up, a new tab opens up in Firefox and I get re-directed to websites like homesearchtula.com and other websites. This has also spread to other websites, so when I click on links from any website, I get re-directed. My McAfee Security Center has not found anything, and I don't know what to do. Any help is appreciated. Here is my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:28:39 PM, on 6/9/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\Will\LOCALS~1\Temp\spoolsv.exe
    C:\DOCUME~1\Will\LOCALS~1\Temp\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: C:\WINDOWS\system32\had73sfdfd.dll - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\had73sfdfd.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe "
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
    O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Will\LOCALS~1\Temp\1705480376.exe
    O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\Will\LOCALS~1\Temp\taskmgr.exe
    O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\diiuq.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [nzdflkioezncfiunfindiuchiuenfcdc] C:\WINDOWS\TEMP\diiuq.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\diiuq.exe (User 'Default user')
    O4 - Startup: ChkDisk.dll
    O4 - Startup: ChkDisk.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Dell Network Assistant.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O22 - SharedTaskScheduler: gsf87hfunf98398jd - {C6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\had73sfdfd.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c983f1a86a287a) (gupdate1c983f1a86a287a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11795 bytes
     
  2. 2009/06/09
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Hi,

    Read this post as indicated at the top of this forum & follow the instructions.
     

  4. 2009/06/09
    willc38

    willc38 Inactive Thread Starter

    Joined:
    2009/06/09
    Messages:
    20
    Likes Received:
    0
    Sorry. I did read that post before I made my topic. I saw another thread where a person had a similar problem that I had, and I posted the same thing he did. Should I have posted my DDS logs?

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-05-14.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/18/2009 3:19:31 PM
    System Uptime: 6/9/2009 5:17:23 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0XD720
    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 1662/166mhz
    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | Microprocessor | 1662/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 106 GiB total, 20.53 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP45: 2/25/2009 7:22:54 PM - Installed Wright 5e Elements of Music.
    RP46: 2/26/2009 9:36:04 PM - System Checkpoint
    RP47: 2/28/2009 12:03:13 AM - System Checkpoint
    RP48: 3/1/2009 12:47:37 AM - System Checkpoint
    RP49: 3/2/2009 1:42:18 PM - System Checkpoint
    RP50: 3/5/2009 4:13:56 PM - System Checkpoint
    RP51: 3/7/2009 12:39:22 PM - System Checkpoint
    RP52: 3/13/2009 6:56:18 PM - System Checkpoint
    RP53: 3/9/2009 1:03:20 PM - System Checkpoint
    RP54: 3/10/2009 3:06:23 PM - System Checkpoint
    RP55: 3/20/2009 8:46:54 AM - System Checkpoint
    RP56: 3/21/2009 10:54:37 AM - System Checkpoint
    RP57: 3/22/2009 7:02:26 PM - System Checkpoint
    RP58: 3/24/2009 5:11:00 PM - System Checkpoint
    RP59: 3/26/2009 1:28:26 PM - System Checkpoint
    RP60: 3/28/2009 12:00:00 PM - System Checkpoint
    RP61: 3/29/2009 9:40:10 PM - System Checkpoint
    RP62: 3/31/2009 12:52:59 PM - System Checkpoint
    RP63: 4/1/2009 4:01:19 PM - System Checkpoint
    RP64: 4/2/2009 7:13:43 PM - System Checkpoint
    RP65: 4/4/2009 10:20:36 AM - System Checkpoint
    RP66: 4/5/2009 11:55:20 AM - System Checkpoint
    RP67: 4/6/2009 4:32:22 PM - System Checkpoint
    RP68: 4/7/2009 8:18:50 PM - System Checkpoint
    RP69: 4/9/2009 8:16:56 AM - System Checkpoint
    RP70: 4/10/2009 3:41:58 PM - System Checkpoint
    RP71: 4/11/2009 3:43:24 PM - System Checkpoint
    RP72: 4/12/2009 6:05:46 PM - System Checkpoint
    RP73: 4/14/2009 1:34:50 PM - System Checkpoint
    RP74: 4/14/2009 5:29:56 PM - Removed Apple Mobile Device Support
    RP75: 4/15/2009 5:40:52 PM - System Checkpoint
    RP76: 4/16/2009 7:44:06 PM - System Checkpoint
    RP77: 4/17/2009 11:19:15 PM - System Checkpoint
    RP78: 4/19/2009 11:32:24 AM - System Checkpoint
    RP79: 4/20/2009 8:20:22 PM - System Checkpoint
    RP80: 4/22/2009 9:40:28 AM - System Checkpoint
    RP81: 4/23/2009 4:06:04 PM - System Checkpoint
    RP82: 4/25/2009 2:01:35 AM - System Checkpoint
    RP83: 4/26/2009 1:18:58 PM - System Checkpoint
    RP84: 4/27/2009 3:13:08 PM - System Checkpoint
    RP85: 4/28/2009 10:03:01 PM - System Checkpoint
    RP86: 4/30/2009 9:50:56 PM - System Checkpoint
    RP87: 5/2/2009 11:56:25 AM - System Checkpoint
    RP88: 5/3/2009 12:42:31 PM - System Checkpoint
    RP89: 5/4/2009 1:49:50 PM - System Checkpoint
    RP90: 5/5/2009 9:12:16 PM - System Checkpoint
    RP91: 5/7/2009 9:09:55 AM - System Checkpoint
    RP92: 5/8/2009 9:47:28 AM - System Checkpoint
    RP93: 5/9/2009 9:52:28 AM - System Checkpoint
    RP94: 5/11/2009 12:20:37 PM - System Checkpoint
    RP95: 5/12/2009 3:03:58 PM - System Checkpoint
    RP96: 5/13/2009 5:05:11 PM - System Checkpoint
    RP97: 5/14/2009 7:26:41 PM - System Checkpoint
    RP98: 5/15/2009 8:02:42 PM - System Checkpoint
    RP99: 5/16/2009 9:06:00 PM - System Checkpoint
    RP100: 5/17/2009 9:11:23 PM - System Checkpoint
    RP101: 5/19/2009 12:05:00 PM - System Checkpoint
    RP102: 5/20/2009 12:12:06 PM - System Checkpoint
    RP103: 5/21/2009 7:35:59 PM - System Checkpoint
    RP104: 5/22/2009 8:12:51 PM - System Checkpoint
    RP105: 5/23/2009 9:18:11 PM - System Checkpoint
    RP106: 5/25/2009 12:08:40 PM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    926plc32
    AAC Decoder
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.8
    Adobe Shockwave Player
    AIM 6
    AOLIcon
    Apple Mobile Device Support
    Apple Software Update
    ATI Catalyst Control Center
    ATI Display Driver
    AutoUpdate
    Bonjour
    Broadcom Management Programs
    Call of Duty(R) 2
    Conexant HDA D110 MDC V.92 Modem
    Corel Snapfire Plus
    DAEMON Tools Toolbar
    DC++ 0.7091
    Dell Game Console
    Dell Network Assistant
    Dell Support 3.2.1
    Dell Support Center (Support Software)
    Dell System Restore
    Dell Wireless WLAN Card
    Digital Content Portal
    Digital Line Detect
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    Documentation & Support Launcher
    EA*SPORTS™ NBA*LIVE*08
    EarthLink Setup Files
    EducateU
    Games, Music, & Photos Launcher
    Get High Speed Internet!
    Google Chrome
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToAssist 8.0.0.514
    H.264 Decoder
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB908673)
    Hotfix for Windows XP (KB909095)
    Hybrid Downloader 1,0,2,6
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Last.fm 1.5.4.24567
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware
    McAfee SecurityCenter
    MediaDirect
    Microsoft .NET Framework 1.1
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook 2003 with Business Contact Manager Update
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Edition 2003
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    Microsoft Works
    MKV Splitter
    Modem Helper
    Mozilla Firefox (3.0.10)
    NetWaiting
    NetZeroInstallers
    OutlookAddinSetup
    Pangya (Ntreev USA)
    PokerStars
    Qualxserve Service Agreement
    QuickSet
    QuickTime
    RealPlayer Basic
    SearchAssist
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB923414)
    Sonic DLA
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Synaptics Pointing Device Driver
    System Requirements Lab
    Update for Windows XP (KB912945)
    URL Assistant
    VC80CRTRedist - 8.0.50727.762
    Viewpoint Media Player
    WebFldrs XP
    WIDCOMM Bluetooth Software
    WildTangent Web Driver
    Windows Installer 3.1 (KB893803)
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892627
    Windows XP Hotfix - KB893056
    WinRAR archiver
    WinZip 12.0
    Wright 5e Elements of Music
    Xvid 1.1.3 final uninstall
    Yahoo! Music Jukebox

    ==== Event Viewer Messages From Past Week ========

    6/2/2009 9:04:45 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    6/2/2009 11:16:06 AM, error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
    6/2/2009 11:12:22 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

    ==== End Of File ===========================




    DDS (Ver_09-05-14.01) - NTFSx86
    Run by Will at 17:50:12.39 on Tue 06/09/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1338 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\Will\LOCALS~1\Temp\spoolsv.exe
    C:\DOCUME~1\Will\LOCALS~1\Temp\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Will\Desktop\dds(2).scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209
    mDefault_Page_URL = hxxp://www.dell.com
    mStart Page = hxxp://www.dell.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
    BHO: c:\windows\system32\had73sfdfd.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\had73sfdfd.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
    uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [autochk] rundll32.exe c:\docume~1\networ~1\protect.dll,_IWMPEvents@16
    uRun: [Diagnostic Manager] c:\docume~1\will\locals~1\temp\1705480376.exe
    uRun: [Windows System Recover!] c:\docume~1\will\locals~1\temp\taskmgr.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe "
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    dRun: [<NO NAME>] c:\windows\temp\diiuq.exe
    dRun: [nzdflkioezncfiunfindiuchiuenfcdc] c:\windows\temp\diiuq.exe
    dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
    StartupFolder: c:\documents and settings\will\start menu\programs\startup\ChkDisk.dll
    StartupFolder: c:\docume~1\will\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    uPolicies-explorer: NoFolderOptions = 1 (0x1)
    uPolicies-system: DisableRegistryTools = 1 (0x1)
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    STS: c:\windows\system32\had73sfdfd.dll: {c6c7b2a1-00f3-42bd-f434-00aaba2c8953} - c:\windows\system32\had73sfdfd.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\will\applic~1\mozilla\firefox\profiles\i2k9aow7.default\
    FF - prefs.js: browser.startup.homepage - dell.myway.com
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\will\application data\mozilla\firefox\profiles\i2k9aow7.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071302000002.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214024]
    R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [2006-12-9 33664]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-18 210216]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-18 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-18 144704]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-18 24652]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-18 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-18 79880]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-18 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-18 40552]
    S2 gupdate1c983f1a86a287a;Google Update Service (gupdate1c983f1a86a287a);c:\program files\google\update\GoogleUpdate.exe [2009-1-31 133104]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-18 34216]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

    =============== Created Last 30 ================

    2009-06-09 17:28 <DIR> --d----- c:\program files\Trend Micro
    2009-06-09 17:05 <DIR> --d----- c:\program files\iPod
    2009-06-02 20:59 <DIR> --d-h--- c:\windows\system32\GroupPolicy
    2009-06-01 11:09 40,960 a--sh--- c:\documents and settings\will\protect.dll
    2009-06-01 11:09 40,960 a--sh--- c:\windows\system32\autochk.dll
    2009-06-01 10:54 46 a------- c:\windows\system32\p2hhr.bat
    2009-06-01 10:54 15,000 a------- c:\windows\system32\had73sfdfd.dll
    2009-05-30 17:29 <DIR> --d----- c:\windows\system32\LogFiles
    2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
    2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
    2009-05-26 01:18 <DIR> --d----- c:\docume~1\will\applic~1\Malwarebytes
    2009-05-26 01:18 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-05-26 01:18 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-26 01:18 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-05-26 01:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-05-25 21:20 24,576 a------- c:\windows\system32\dllcache\userinit.exe
    2009-05-25 21:20 1 a------- c:\windows\system32\uniq.tll
    2009-05-14 16:21 <DIR> --d----- c:\program files\PokerStars
    2009-05-12 19:48 2,800,669 a------- c:\windows\system32\GameMon.des
    2009-05-12 19:47 5,174 a------- c:\windows\system32\nppt9x.vxd
    2009-05-12 19:47 4,682 a------- c:\windows\system32\npptNT2.sys
    2009-05-12 19:47 <DIR> --d----- c:\program files\common files\INCA Shared
    2009-05-12 19:41 <DIR> --d----- C:\Ntreev USA
    2009-05-12 19:25 <DIR> --d----- c:\program files\Persona

    ==================== Find3M ====================

    2009-05-27 01:54 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2009-04-15 13:59 1,048 a------- c:\docume~1\will\applic~1\wklnhst.dat
    2009-01-18 15:25 61,224 a------- c:\documents and settings\will\GoToAssistDownloadHelper.exe
    2007-10-27 17:51 590,262,272 a------- c:\program files\Office2007_Blue_Edition.iso
    2006-10-27 19:44 175 a------- c:\program files\autorun.inf
    2006-10-27 19:26 2,480 a------- c:\program files\README.HTM

    ============= FINISH: 17:51:26.23 ===============
     
  5. 2009/06/09
    broni

    broni Moderator Malware Analyst

    Download GooredFix and save it to your Desktop.
    Double-click Goored.exe to run it.
    Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
    A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
    Note: Do not run Option #2 yet.
     
  6. 2009/06/09
    willc38

    willc38 Inactive Thread Starter

    GooredFix v1.92 by jpshortstuff
    Log created at 00:31 on 10/06/2009 running Option #1 (Will)
    Firefox version 3.0.10 (en-US)

    =====Suspect Goored Entries=====

    =====Dumping Registry Values=====

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
    "Components"="C:\Program Files\Mozilla Firefox\components"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"
     
  7. 2009/06/09
    broni

    broni Moderator Malware Analyst

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart the computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2009/06/10
    Admin.

    Admin. Administrator Administrator Staff

    You are 'on your way', but yes, the instructions ask for those logs.
     
  9. 2009/06/10
    willc38

    willc38 Inactive Thread Starter

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/10/2009 at 06:11 PM

    Application Version : 4.26.1004

    Core Rules Database Version : 3932
    Trace Rules Database Version: 1875

    Scan type : Complete Scan
    Total Scan Time : 05:37:06

    Memory items scanned : 258
    Memory threats detected : 1
    Registry items scanned : 6223
    Registry threats detected : 32
    File items scanned : 74723
    File threats detected : 46

    Trojan.Smitfraud Variant-Gen/Bensorty
    C:\WINDOWS\SYSTEM32\HAD73SFDFD.DLL
    C:\WINDOWS\SYSTEM32\HAD73SFDFD.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6C7B2A1-00F3-42BD-F434-00AABA2C8953}
    HKCR\CLSID\{C6C7B2A1-00F3-42BD-F434-00AABA2C8953}
    HKCR\CLSID\{C6C7B2A1-00F3-42BD-F434-00AABA2C8953}
    HKCR\CLSID\{C6C7B2A1-00F3-42BD-F434-00AABA2C8953}#ThreadingModel
    HKCR\CLSID\{C6C7B2A1-00F3-42BD-F434-00AABA2C8953}\InProcServer32
    HKCR\CLSID\{C6C7B2A1-00F3-42BD-F434-00AABA2C8953}\InProcServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{C6C7B2A1-00F3-42BD-F434-00AABA2C8953}
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6C7B2A1-00F3-42BD-F434-00AABA2C8953}
    HKU\S-1-5-21-714395751-196271454-3470312868-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6C7B2A1-00F3-42BD-F434-00AABA2C8953}
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6C7B2A1-00F3-42BD-F434-00AABA2C8953}

    Trojan.Downloader-WNSET/N
    [Diagnostic Manager] C:\DOCUME~1\WILL\LOCALS~1\TEMP\1705480376.EXE
    C:\DOCUME~1\WILL\LOCALS~1\TEMP\1705480376.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\1084433848.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\1241305366.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\1431970308.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\1496566834.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\1553681766.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\1675269986.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\1705331792.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\1705480376.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\1954299276.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\2156207112.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\2165665794.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\2272286278.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\2415753320.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\3307533590.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\3397268224.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\3478569312.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\3558947098.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\3636090792.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\3743271330.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\3929375852.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\4075339128.EXE
    C:\WINDOWS\Prefetch\4075339128.EXE-1B1AF392.pf

    Rogue.AntiVirusXP
    HKU\.DEFAULT\Software\AntivirusXP
    HKU\S-1-5-18\Software\AntivirusXP
    HKLM\Software\AntivirusXP
    HKLM\Software\AntivirusXP#Autorun
    HKLM\Software\AntivirusXP#RegisterShellExtension
    HKLM\Software\AntivirusXP#CheckForUpdates
    HKLM\Software\AntivirusXP#QuickScanAtStartup
    HKLM\Software\AntivirusXP#StartMinimized
    HKLM\Software\AntivirusXP#ID
    HKLM\Software\AntivirusXP#ScanArchives
    HKLM\Software\AntivirusXP#ScanFiles
    HKLM\Software\AntivirusXP#ScanMail
    HKLM\Software\AntivirusXP#ScanProcesses
    HKLM\Software\AntivirusXP#ScanRegistry
    HKLM\Software\AntivirusXP#BasesVersion
    HKLM\Software\AntivirusXP#CoreVersion
    HKLM\Software\AntivirusXP#TotalScans
    HKLM\Software\AntivirusXP#lastScanDate
    HKLM\Software\AntivirusXP#lastScanTime
    HKLM\Software\AntivirusXP#lastUpdateDate
    HKLM\Software\AntivirusXP#lastUpdateTime

    Trojan.Downloader-WNSET/N-Variant
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\170971002.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\247798834.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\462449820.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\525974868.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\584244762.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\628852588.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\808892530.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\858689112.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\882707806.EXE
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\966592576.EXE

    Trojan.Unclassified/LSASS-Fake
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\LSASS.EXE

    Trojan.Dropper/SVCHost-Fake
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\SVCHOST.EXE

    Trojan.Downloader-Winlogon/FAS
    C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\TEMP\WINLOGON.EXE

    Malware.Installer-Pkg/Gen
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{651956B7-1969-42AA-9453-E0B813019D54}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE
    C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE
     
  10. 2009/06/10
    willc38

    willc38 Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.37
    Database version: 2259
    Windows 5.1.2600 Service Pack 2

    6/10/2009 7:23:11 PM
    mbam-log-2009-06-10 (19-23-11).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 178984
    Time elapsed: 24 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 5
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 19

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\autochk.dll (Trojan.Downloader) -> Delete on reboot.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Recover! (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\autochk.dll (Trojan.Downloader) -> Delete on reboot.
    C:\Documents and Settings\NetworkService\protect.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\protect.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\Will\protect.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\Will\start menu\Programs\Startup\ChkDisk.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP108\A0016991.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\kungsfsppfcugu.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\kungsftrskqiai.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\config\systemprofile\protect.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\config\systemprofile\start menu\Programs\Startup\ChkDisk.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\msb.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\Will\Local Settings\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\Will\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Will\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\Will\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\Will\Local Settings\Temp\services.exe (Password.Stealer) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Will\Local Settings\Temp\spoolsv.exe (Trojan.Downloader) -> Delete on reboot.
     
  11. 2009/06/10
    willc38

    willc38 Inactive Thread Starter

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-06-10 21:18:09
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.15 ----

    INT 0x62 ? 89DE3BF8
    INT 0x82 ? 89DE3BF8
    INT 0x84 ? 89BAABF8
    INT 0x94 ? 89BAABF8
    INT 0xB4 ? 89BAABF8

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB09964EA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB0996581]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB0996498]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB09964AC]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB0996595]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB09965C1]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB0996634]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB0996619]
    Code 89AA2120 ZwFlushInstructionCache
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB099652A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB099665E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB099656D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB0996470]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB0996484]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB09964FE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB099669A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB0996603]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB09965ED]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB09965AB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB0996686]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB0996672]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB09964D6]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB09964C2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB09965D7]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB0996559]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB0996648]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB0996540]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB0996514]
    Code 89AF963E IofCallDriver
    Code 89C49D5E IofCompleteRequest
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!IofCallDriver 804EEF9C 5 Bytes JMP 89AF9643
    .text ntkrnlpa.exe!IofCompleteRequest 804EF02C 5 Bytes JMP 89C49D63
    .text ntkrnlpa.exe!ZwYieldExecution 80503EF8 7 Bytes JMP B0996518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtCreateFile 80577E64 5 Bytes JMP B09964EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B09D2 7 Bytes JMP B099652E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B17E0 5 Bytes JMP B0996544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B51D2 5 Bytes JMP 89AA2124
    PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6DA6 7 Bytes JMP B0996502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805C9C86 5 Bytes JMP B0996474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805C9F12 5 Bytes JMP B0996488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 805CC6D0 5 Bytes JMP B09964C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF9A6 7 Bytes JMP B09964B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 805CFA5C 5 Bytes JMP B099649C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 805CFF7E 5 Bytes JMP B09964DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D11AE 5 Bytes JMP B099655D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryValueKey 8062015E 7 Bytes JMP B09965F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 806204AC 5 Bytes JMP B0996676 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetValueKey 80620764 7 Bytes JMP B09965DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnloadKey 80620A2C 7 Bytes JMP B099664C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80621272 7 Bytes JMP B0996607 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 80621ACA 7 Bytes JMP B09965AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateKey 806220A4 5 Bytes JMP B0996585 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 80622534 7 Bytes JMP B0996599 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622704 7 Bytes JMP B09965C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateKey 806228E4 5 Bytes JMP B0996638 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80622B4E 7 Bytes JMP B099661D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 8062343A 5 Bytes JMP B0996571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryKey 8062375E 7 Bytes JMP B099669E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 80623C84 5 Bytes JMP B099668A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80623D9E 5 Bytes JMP B0996662 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    ? spry.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B934C68E 5 Bytes JMP 89BAA1D8
    ? system32\drivers\zfyfmh.sys The system cannot find the path specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[328] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[328] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01020FEF
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01020F8B
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01020080
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0102006F
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01020054
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01020FC3
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01020F69
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 010200B1
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01020F22
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01020F33
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 01020F07
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 01020FB2
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01020014
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 01020F7A
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 01020FD4
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 01020025
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 01020F44
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0101002F
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01010F7C
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01010FD4
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0101000A
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01010F8D
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01010F9E
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01010FEF
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01010FC3
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01000053
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!system 77C293C7 5 Bytes JMP 01000038
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0100000C
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01000FEF
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0100001D
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01000FD2
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] WS2_32.dll!socket 00F83B91 5 Bytes JMP 00FF0000
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FF0FEF
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FF0F8A
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FF0075
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FF0064
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FF003D
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FF0FA5
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FF00BC
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FF00AB
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF00E1
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FF0F48
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00FF00F2
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00FF002C
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00FF000A
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00FF009A
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00FF0FCA
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00FF001B
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00FF0F59
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A40F95
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A40FB0
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A40FD2
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A40FEF
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A40FC1
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A4000C
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A50F9E
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A50F54
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A50FAF
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A50FD4
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A50011
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A50F79
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A50FE5
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A50000
    .text C:\WINDOWS\system32\services.exe[948] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A20FE5
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F20FEF
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F20F66
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F20F81
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F20F9C
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F2005B
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F20036
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F20098
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F20087
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F20F10
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F20F21
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00F20EFF
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00F20FB9
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00F20000
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00F20076
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00F2001B
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00F20FCA
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00F200A9
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F10FB9
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F1002F
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F10FCA
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F10FDB
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F10F72
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F10F8D
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F10000
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F10F9E
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F00FB9
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F0004E
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F00022
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F00FEF
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F00033
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F00FDE
    .text C:\WINDOWS\system32\lsass.exe[960] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00E20FE5
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AF000A
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AF007D
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AF0062
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AF0F88
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AF0051
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AF0040
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AF00C9
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AF00A2
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AF0F4B
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AF0F5C
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00AF00F5
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00AF0FB9
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00AF0FEF
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00AF0F77
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00AF0FD4
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00AF0025
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00AF00DA
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00AE0047
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00AE008E
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00AE0036
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00AE001B
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00AE0FDB
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00AE007D
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00AE0000
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00AE0058
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AD003D
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AD0022
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AD0011
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AD0FE3
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AD0FBC
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AD0000
    .text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AC0000
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D80000
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D80049
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D80038
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D80F5E
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D80F79
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D80FAF
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D80F12
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D80F2F
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D80097
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D8007C
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00D800A8
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00D80F94
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00D80FDB
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00D8005A
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00D8001B
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00D80FC0
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00D8006B
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00D70025
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00D70F83
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00D70FCA
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00D70FE5
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00D70F94
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00D70FAF
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00D70000
    .text C:\WINDOWS\system32\svchost.exe[1248] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00D70036
    .text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D60F92
    .text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D60FAD
    .text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D6001D
    .text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D60FEF
    .text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D60FBE
    .text C:\WINDOWS\system32\svchost.exe[1248] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D6000C
    .text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00D50FEF
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02D30000
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02D30060
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02D30F6B
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02D30F86
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02D30F97
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02D3002F
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02D30093
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02D30082
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02D30F1C
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02D300BF
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 02D30F0B
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 02D30FB2
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 02D30FEF
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 02D30071
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 02D30FC3
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 02D30FDE
    .text C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 02D300A4
    .text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 02D20FCA
    .text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 02D20076
    .text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 02D2001B
    .text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 02D20000
    .text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 02D20051
    .text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 02D20FAF
    .text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 02D20FE5
    .text C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 02D20036
    .text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02D10FAB
    .text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!system 77C293C7 5 Bytes JMP 02D10FBC
    .text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02D10011
    .text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02D10FE3
    .text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02D10022
    .text C:\WINDOWS\System32\svchost.exe[1288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02D10000
    .text C:\WINDOWS\System32\svchost.exe[1288] WS2_32.dll!socket
     
  12. 2009/06/10
    willc38

    71AB3B91 5 Bytes JMP 02CF0000
    .text C:\WINDOWS\System32\svchost.exe[1288] WININET.dll!InternetOpenW 771BAF69 5 Bytes JMP 02D00FE5
    .text C:\WINDOWS\System32\svchost.exe[1288] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 02D0000A
    .text C:\WINDOWS\System32\svchost.exe[1288] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 02D00027
    .text C:\WINDOWS\System32\svchost.exe[1288] WININET.dll!InternetOpenUrlW 771D5BAA 5 Bytes JMP 02D00038
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009F000A
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009F0F6D
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009F0F7E
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009F0058
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009F0FA5
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009F003D
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009F00A1
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009F0084
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009F0F19
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009F00BC
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 009F0F08
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 009F0FC0
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009F0FE5
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 009F0073
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 009F002C
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 009F001B
    .text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 009F0F3E
    .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009E0FAF
    .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009E0F61
    .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009E0FD4
    .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009E0FE5
    .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009E0F72
    .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009E0F8D
    .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009E0000
    .text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009E0F9E
    .text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009D0044
    .text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!system 77C293C7 5 Bytes JMP 009D0FB9
    .text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009D0018
    .text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009D0FEF
    .text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009D0029
    .text C:\WINDOWS\system32\svchost.exe[1308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009D0FDE
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008F0000
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008F0FAF
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008F00A4
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008F0FCA
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008F0087
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008F0047
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008F00EB
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008F00DA
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008F0F88
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008F0121
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 008F0F77
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 008F006C
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008F0FE5
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 008F00BF
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 008F0036
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 008F0011
    .text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 008F0106
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008E0025
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008E0F97
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008E0FD4
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008E0FE5
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008E004A
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008E0FA8
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008E0000
    .text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008E0FC3
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008D0069
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!system 77C293C7 5 Bytes JMP 008D0058
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008D0FEF
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008D000C
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008D0FDE
    .text C:\WINDOWS\system32\svchost.exe[1412] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008D0029
    .text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008C0000
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00930FEF
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00930F44
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0093002F
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00930F55
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00930F72
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0093001E
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00930F27
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0093006F
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00930F05
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0093009E
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00930EE0
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00930F97
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00930FDE
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 0093005E
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00930FB2
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00930FCD
    .text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00930F16
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00820040
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00820080
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00820FE5
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0082001B
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00820065
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00820FB9
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00820000
    .text C:\WINDOWS\system32\svchost.exe[1440] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00820FD4
    .text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00810FC3
    .text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!system 77C293C7 5 Bytes JMP 00810044
    .text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00810FDE
    .text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00810FEF
    .text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00810033
    .text C:\WINDOWS\system32\svchost.exe[1440] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0081000C
    .text C:\WINDOWS\system32\svchost.exe[1440] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 007F0000
    .text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenW 771BAF69 5 Bytes JMP 0080000A
    .text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 00800FE5
    .text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 00800027
    .text C:\WINDOWS\system32\svchost.exe[1440] WININET.dll!InternetOpenUrlW 771D5BAA 5 Bytes JMP 00800FD4
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01520FEF
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01520F88
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01520FA3
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0152007D
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0152006C
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01520040
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01520F77
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 015200B3
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01520F41
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 015200E4
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 01520F30
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0152005B
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 0152000A
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 01520098
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 01520025
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 01520FD4
    .text C:\WINDOWS\Explorer.EXE[2732] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 01520F66
    .text C:\WINDOWS\Explorer.EXE[2732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B90000
    .text C:\WINDOWS\Explorer.EXE[2732] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B90F75
    .text C:\WINDOWS\Explorer.EXE[2732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B90FAB
    .text C:\WINDOWS\Explorer.EXE[2732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B90FE3
    .text C:\WINDOWS\Explorer.EXE[2732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B90F90
    .text C:\WINDOWS\Explorer.EXE[2732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B90FD2
    .text C:\WINDOWS\Explorer.EXE[2732] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00BA0FDB
    .text C:\WINDOWS\Explorer.EXE[2732] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00BA008E
    .text C:\WINDOWS\Explorer.EXE[2732] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00BA002C
    .text C:\WINDOWS\Explorer.EXE[2732] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00BA0011
    .text C:\WINDOWS\Explorer.EXE[2732] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00BA007D
    .text C:\WINDOWS\Explorer.EXE[2732] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00BA0058
    .text C:\WINDOWS\Explorer.EXE[2732] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00BA0000
    .text C:\WINDOWS\Explorer.EXE[2732] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00BA0047
    .text C:\WINDOWS\Explorer.EXE[2732] WININET.dll!InternetOpenW 771BAF69 5 Bytes JMP 00B8000A
    .text C:\WINDOWS\Explorer.EXE[2732] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 00B80FEF
    .text C:\WINDOWS\Explorer.EXE[2732] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 00B80FDE
    .text C:\WINDOWS\Explorer.EXE[2732] WININET.dll!InternetOpenUrlW 771D5BAA 5 Bytes JMP 00B80025
    .text C:\WINDOWS\Explorer.EXE[2732] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B70FEF
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0000
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B00BF
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0FC0
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B0098
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B0087
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0076
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B00EB
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0FAF
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B010D
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B00FC
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!GetProcAddress 7C80AC28 2 Bytes JMP 001B0132
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!GetProcAddress + 3 7C80AC2B 2 Bytes [9A, 83]
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 001B0FEF
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 001B0025
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 001B00DA
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 001B005B
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 001B0036
    .text C:\WINDOWS\System32\svchost.exe[6088] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 001B0F88
    .text C:\WINDOWS\System32\svchost.exe[6088] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290011
    .text C:\WINDOWS\System32\svchost.exe[6088] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290F83
    .text C:\WINDOWS\System32\svchost.exe[6088] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00290FCA
    .text C:\WINDOWS\System32\svchost.exe[6088] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290000
    .text C:\WINDOWS\System32\svchost.exe[6088] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290F9E
    .text C:\WINDOWS\System32\svchost.exe[6088] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290FAF
    .text C:\WINDOWS\System32\svchost.exe[6088] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290FEF
    .text C:\WINDOWS\System32\svchost.exe[6088] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290036
    .text C:\WINDOWS\System32\svchost.exe[6088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0F7F
    .text C:\WINDOWS\System32\svchost.exe[6088] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0F90
    .text C:\WINDOWS\System32\svchost.exe[6088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FC6
    .text C:\WINDOWS\System32\svchost.exe[6088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0000
    .text C:\WINDOWS\System32\svchost.exe[6088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FAB
    .text C:\WINDOWS\System32\svchost.exe[6088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0FD7
    .text C:\WINDOWS\System32\svchost.exe[6088] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 003C0000

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spry.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spry.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spry.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spry.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spry.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spry.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aolsoftware.exe[716] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AIM6\aim6.exe[3320] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00CB8770
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00CB9CB0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00CBCE20
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00CBAA00
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00CB9FE0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00CBF160
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00CBF1A0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00CC02E0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00CBED50
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00CBCD80
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00CBB520
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00CBA6B0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00CBAFA0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00CC0860
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00CBC4B0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00CBCBE0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00CBD810
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00CBD2F0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00CBD790
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00CBE2B0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00CBD980
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00CBA360
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00CBB3D0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00CBF280
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00CBD430
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00CBCD20
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00CBC8E0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00CBCF30
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00CC0300
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00CBD230
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00CBC160
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 00CC05A0
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00CC0540
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 00CC0790
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00CC0830
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 00CC0660
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00CBFF90
    IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[3592] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00CBFC80
     
  13. 2009/06/10
    willc38

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 89DE21F8

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{FF6E0A19-B419-42BE-B4C4-D3DB121A826E} 89AFD1F8

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\usbuhci \Device\USBPDO-0 89BA91F8
    Device \Driver\usbuhci \Device\USBPDO-1 89BA91F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 89E521F8
    Device \Driver\dmio \Device\DmControl\DmConfig 89E521F8
    Device \Driver\dmio \Device\DmControl\DmPnP 89E521F8
    Device \Driver\dmio \Device\DmControl\DmInfo 89E521F8
    Device \Driver\usbuhci \Device\USBPDO-2 89BA91F8
    Device \Driver\sptd \Device\1633162764 spry.sys
    Device \Driver\usbuhci \Device\USBPDO-3 89BA91F8
    Device \Driver\usbehci \Device\USBPDO-4 89B791F8

    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\PCI_PNP4014 \Device\00000056 spry.sys
    Device \Driver\Ftdisk \Device\HarddiskVolume1 89DE41F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 89DE41F8
    Device \Driver\atapi \Device\Ide\IdePort0 89DE31F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89DE31F8
    Device \Driver\atapi \Device\Ide\IdePort1 89DE31F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 89DE31F8
    Device \Driver\Ftdisk \Device\HarddiskVolume3 89DE41F8
    Device \Driver\Ftdisk \Device\HarddiskVolume4 89DE41F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 89AFD1F8
    Device \Driver\NetBT \Device\NetbiosSmb 89AFD1F8

    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{1887BC6C-1E93-45B0-94B9-6DDF81C15A94} 89AFD1F8

    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \Driver\usbuhci \Device\USBFDO-0 89BA91F8
    Device \Driver\usbuhci \Device\USBFDO-1 89BA91F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89C381F8
    Device \Driver\usbuhci \Device\USBFDO-2 89BA91F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 89C381F8
    Device \Driver\usbuhci \Device\USBFDO-3 89BA91F8
    Device \Driver\usbehci \Device\USBFDO-4 89B791F8
    Device \Driver\Ftdisk \Device\FtControl 89DE41F8
    Device \Driver\agmzxtwl \Device\Scsi\agmzxtwl1 89B371F8
    Device \Driver\agmzxtwl \Device\Scsi\agmzxtwl1Port2Path0Target0Lun0 89B371F8
    Device \FileSystem\Fastfat \Fat 8833E1F8
    Device \FileSystem\Fastfat \Fat AC9471F9

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs 8999B500
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Services - GMER 1.0.15 ----

    Service system32\drivers\kungsffcvrmaic.sys (*** hidden *** ) [SYSTEM] kungsfvxxslxoj <-- ROOTKIT !!!
    Service C:\WINDOWS\system32\drivers\SKYNETxxtkorap.sys (*** hidden *** ) [SYSTEM] SKYNETyuiqmqpu <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj@imagepath \systemroot\system32\drivers\kungsffcvrmaic.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\main
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\main@aid 10096
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\main@sid 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\main@cmddelay 7200
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\main\delete
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\main\injector
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\main\injector@* kungsfwsp.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\main\tasks
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\modules@kungsfrk.sys \systemroot\system32\drivers\kungsffcvrmaic.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\modules@kungsfcmd.dll \systemroot\system32\kungsftrskqiai.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\modules@kungsflog.dat \systemroot\system32\kungsfegdidhky.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\modules@kungsfwsp.dll \systemroot\system32\kungsfsppfcugu.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\kungsfvxxslxoj\modules@kungsf.dat \systemroot\system32\kungsfrilgdjdq.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETyuiqmqpu
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETyuiqmqpu@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETyuiqmqpu@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETyuiqmqpu@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETyuiqmqpu@imagepath \systemroot\system32\drivers\SKYNETxxtkorap.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETyuiqmqpu\main
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETyuiqmqpu\main\injector
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETyuiqmqpu\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETyuiqmqpu\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETxxtkorap.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNETyuiqmqpu\modules@SKYNETcmd.dll \systemroot\system32\SKYNEThrmcimcw.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x56 0x9C 0x21 0x7E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0x3F 0x01 0xC6 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6B 0x68 0x9C 0x11 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj@start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj@type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj@group file system
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj@imagepath \systemroot\system32\drivers\kungsffcvrmaic.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\main
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\main@aid 10096
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\main@sid 0
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\main@cmddelay 7200
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\main\delete
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\main\injector
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\main\injector@* kungsfwsp.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\main\tasks
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\modules
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\modules@kungsfrk.sys \systemroot\system32\drivers\kungsffcvrmaic.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\modules@kungsfcmd.dll \systemroot\system32\kungsftrskqiai.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\modules@kungsflog.dat \systemroot\system32\kungsfegdidhky.dat
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\modules@kungsfwsp.dll \systemroot\system32\kungsfsppfcugu.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\kungsfvxxslxoj\modules@kungsf.dat \systemroot\system32\kungsfrilgdjdq.dat
    Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETyuiqmqpu
    Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETyuiqmqpu@start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETyuiqmqpu@type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETyuiqmqpu@group file system
    Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETyuiqmqpu@imagepath \systemroot\system32\drivers\SKYNETxxtkorap.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETyuiqmqpu\main
    Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETyuiqmqpu\main\injector
    Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETyuiqmqpu\modules
    Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETyuiqmqpu\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETxxtkorap.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\SKYNETyuiqmqpu\modules@SKYNETcmd.dll \systemroot\system32\SKYNEThrmcimcw.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x56 0x9C 0x21 0x7E ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0x3F 0x01 0xC6 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6B 0x68 0x9C 0x11 ...

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\drivers\SKYNETxxtkorap.sys 19968 bytes executable <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----
     
  14. 2009/06/10
    willc38

    For some reason some of my posts didn't show up. I don't know why.
     
  15. 2009/06/10
    willc38

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-06-10 21:18:09
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.15 ----

    INT 0x62 ? 89DE3BF8
    INT 0x82 ? 89DE3BF8
    INT 0x84 ? 89BAABF8
    INT 0x94 ? 89BAABF8
    INT 0xB4 ? 89BAABF8

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB09964EA]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB0996581]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB0996498]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB09964AC]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB0996595]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB09965C1]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB0996634]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB0996619]
    Code 89AA2120 ZwFlushInstructionCache
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB099652A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB099665E]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB099656D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB0996470]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB0996484]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB09964FE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB099669A]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB0996603]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB09965ED]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB09965AB]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB0996686]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB0996672]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB09964D6]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB09964C2]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB09965D7]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB0996559]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB0996648]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB0996540]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB0996514]
    Code 89AF963E IofCallDriver
    Code 89C49D5E IofCompleteRequest
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!IofCallDriver 804EEF9C 5 Bytes JMP 89AF9643
    .text ntkrnlpa.exe!IofCompleteRequest 804EF02C 5 Bytes JMP 89C49D63
    .text ntkrnlpa.exe!ZwYieldExecution 80503EF8 7 Bytes JMP B0996518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtCreateFile 80577E64 5 Bytes JMP B09964EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805B09D2 7 Bytes JMP B099652E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B17E0 5 Bytes JMP B0996544 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B51D2 5 Bytes JMP 89AA2124
    PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6DA6 7 Bytes JMP B0996502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805C9C86 5 Bytes JMP B0996474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805C9F12 5 Bytes JMP B0996488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 805CC6D0 5 Bytes JMP B09964C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF9A6 7 Bytes JMP B09964B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateProcess 805CFA5C 5 Bytes JMP B099649C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 805CFF7E 5 Bytes JMP B09964DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwTerminateProcess 805D11AE 5 Bytes JMP B099655D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryValueKey 8062015E 7 Bytes JMP B09965F1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 806204AC 5 Bytes JMP B0996676 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetValueKey 80620764 7 Bytes JMP B09965DB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnloadKey 80620A2C 7 Bytes JMP B099664C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80621272 7 Bytes JMP B0996607 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRenameKey 80621ACA 7 Bytes JMP B09965AF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwCreateKey 806220A4 5 Bytes JMP B0996585 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteKey 80622534 7 Bytes JMP B0996599 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwDeleteValueKey 80622704 7 Bytes JMP B09965C5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateKey 806228E4 5 Bytes JMP B0996638 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80622B4E 7 Bytes JMP B099661D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwOpenKey 8062343A 5 Bytes JMP B0996571 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryKey 8062375E 7 Bytes JMP B099669E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 80623C84 5 Bytes JMP B099668A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80623D9E 5 Bytes JMP B0996662 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    ? spry.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload B934C68E 5 Bytes JMP 89BAA1D8
    ? system32\drivers\zfyfmh.sys The system cannot find the path specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[328] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[328] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01020FEF
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01020F8B
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01020080
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0102006F
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01020054
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01020FC3
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01020F69
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 010200B1
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01020F22
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01020F33
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 01020F07
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 01020FB2
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01020014
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 01020F7A
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 01020FD4
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 01020025
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 01020F44
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0101002F
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01010F7C
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01010FD4
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0101000A
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01010F8D
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01010F9E
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01010FEF
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01010FC3
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01000053
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!system 77C293C7 5 Bytes JMP 01000038
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0100000C
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01000FEF
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0100001D
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01000FD2
    .text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[728] WS2_32.dll!socket 00F83B91 5 Bytes JMP 00FF0000
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FF0FEF
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FF0F8A
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FF0075
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FF0064
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FF003D
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FF0FA5
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FF00BC
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FF00AB
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF00E1
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FF0F48
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00FF00F2
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00FF002C
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00FF000A
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00FF009A
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00FF0FCA
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00FF001B
    .text C:\WINDOWS\system32\services.exe[948] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00FF0F59
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A40F95
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A40FB0
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A40FD2
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A40FEF
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A40FC1
    .text C:\WINDOWS\system32\services.exe[948] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A4000C
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A50F9E
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A50F54
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A50FAF
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A50FD4
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A50011
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A50F79
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A50FE5
    .text C:\WINDOWS\system32\services.exe[948] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A50000
    .text C:\WINDOWS\system32\services.exe[948] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00A20FE5
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F20FEF
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F20F66
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F20F81
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F20F9C
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F2005B
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F20036
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F20098
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F20087
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F20F10
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F20F21
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00F20EFF
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00F20FB9
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00F20000
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00F20076
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00F2001B
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00F20FCA
    .text C:\WINDOWS\system32\lsass.exe[960] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00F200A9
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00F10FB9
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00F1002F
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00F10FCA
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00F10FDB
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00F10F72
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00F10F8D
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00F10000
    .text C:\WINDOWS\system32\lsass.exe[960] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00F10F9E
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F00FB9
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F0004E
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F00022
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F00FEF
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F00033
    .text C:\WINDOWS\system32\lsass.exe[960] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F00FDE
    .text C:\WINDOWS\system32\lsass.exe[960] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00E20FE5
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AF000A
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AF007D
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AF0062
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AF0F88
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AF0051
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AF0040
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AF00C9
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AF00A2
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AF0F4B
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AF0F5C
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00AF00F5
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00AF0FB9
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00AF0FEF
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00AF0F77
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00AF0FD4
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00AF0025
    .text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00AF00DA
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00AE0047
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00AE008E
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00AE0036
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00AE001B
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00AE0FDB
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00AE007D
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00AE0000
    .text C:\WINDOWS\system32\svchost.exe[1164] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00AE0058
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AD003D
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AD0022
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AD0011
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AD0FE3
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AD0FBC
    .text C:\WINDOWS\system32\svchost.exe[1164] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AD0000
    .text C:\WINDOWS\system32\svchost.exe[1164] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AC0000
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D80000
    .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D80049
     
  16. 2009/06/10
    willc38

    willc38 Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:30:16 PM, on 6/10/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\diiuq.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [nzdflkioezncfiunfindiuchiuenfcdc] C:\WINDOWS\TEMP\diiuq.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\diiuq.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Dell Network Assistant.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c983f1a86a287a) (gupdate1c983f1a86a287a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 10972 bytes
     
  17. 2009/06/10
    willc38

    willc38 Inactive Thread Starter

    Sorry, my 12th post is supposed to go between the 9th and 9th post. For some reason it didn't show up and I had to post it again.
     
  18. 2009/06/10
    broni

    broni Moderator Malware Analyst

    They're coming in numbers (double, triple, etc...)...LOL
    Let me bring some order here....
     
  19. 2009/06/10
    broni

    broni Moderator Malware Analyst

    Oh boy.....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.
     
  20. 2009/06/10
    willc38

    willc38 Inactive Thread Starter

    ComboFix 09-06-09.06 - Will 06/10/2009 22:17.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1673 [GMT -4:00]
    Running from: c:\documents and settings\Will\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\autorun.inf
    c:\windows\system32\drivers\SKYNETxxtkorap.sys
    c:\windows\system32\kungsfegdidhky.dat
    c:\windows\system32\SKYNEThrmcimcw.dll
    c:\windows\system32\uniq.tll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_SKYNETyuiqmqpu
    -------\Service_kungsfvxxslxoj


    ((((((((((((((((((((((((( Files Created from 2009-05-11 to 2009-06-11 )))))))))))))))))))))))))))))))
    .

    2009-06-10 16:03 . 2009-06-10 22:47 117760 ----a-w- c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-06-10 16:02 . 2009-06-10 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-06-10 16:02 . 2009-06-10 16:02 65024 ----a-r- c:\documents and settings\Will\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
    2009-06-10 16:02 . 2009-06-10 16:02 18944 ----a-r- c:\documents and settings\Will\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
    2009-06-10 16:02 . 2009-06-10 16:02 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-06-10 16:02 . 2009-06-10 16:02 -------- d-----w- c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com
    2009-06-10 16:01 . 2009-06-10 16:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-09 21:28 . 2009-06-09 21:28 -------- d-----w- c:\program files\Trend Micro
    2009-06-09 21:05 . 2009-06-09 21:05 -------- d-----w- c:\program files\iPod
    2009-06-09 21:03 . 2009-06-09 21:03 -------- d-----w- c:\program files\QuickTime
    2009-06-09 20:58 . 2009-06-09 20:58 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
    2009-06-03 00:59 . 2009-06-03 00:59 -------- d--h--w- c:\windows\system32\GroupPolicy
    2009-05-30 21:29 . 2009-05-30 21:29 -------- d-----w- c:\windows\system32\LogFiles
    2009-05-26 05:18 . 2009-05-26 05:18 -------- d-----w- c:\documents and settings\Will\Application Data\Malwarebytes
    2009-05-26 05:18 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-05-26 05:18 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-05-26 05:18 . 2009-06-10 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-05-26 05:18 . 2009-05-26 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-05-26 01:20 . 2004-08-04 11:00 24576 ----a-w- c:\windows\system32\dllcache\userinit.exe
    2009-05-20 04:33 . 2009-05-20 04:33 -------- d-----w- c:\documents and settings\Will\Application Data\Viewpoint
    2009-05-14 20:21 . 2009-06-10 02:05 -------- d-----w- c:\program files\PokerStars
    2009-05-12 23:47 . 2005-01-05 03:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
    2009-05-12 23:47 . 2009-05-12 23:47 -------- d-----w- c:\program files\Common Files\INCA Shared
    2009-05-12 23:41 . 2009-05-12 23:41 -------- d-----w- C:\Ntreev USA
    2009-05-12 23:25 . 2009-05-12 23:26 -------- d-----w- c:\program files\Persona

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-11 02:34 . 2006-12-09 07:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-06-09 21:05 . 2009-01-18 22:22 -------- d-----w- c:\program files\iTunes
    2009-06-09 21:05 . 2009-01-18 22:18 -------- d-----w- c:\program files\Common Files\Apple
    2009-06-09 03:33 . 2009-01-31 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-06-04 01:14 . 2009-02-07 01:22 -------- d-----w- c:\documents and settings\Will\Application Data\DivX
    2009-05-31 02:52 . 2009-01-18 23:03 -------- d-----w- c:\documents and settings\Will\Application Data\uTorrent
    2009-05-27 05:54 . 2009-03-03 03:13 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-05-27 05:52 . 2009-03-03 03:13 -------- d-----w- c:\documents and settings\Will\Application Data\Corel
    2009-05-27 05:51 . 2009-03-03 03:13 88 --sh--r- c:\windows\system32\1151A1451C.sys
    2009-05-26 05:49 . 2009-02-04 13:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-05-08 00:35 . 2009-01-18 20:04 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
    2009-05-07 21:40 . 2009-01-18 23:07 -------- d-----w- c:\program files\DC++
    2009-04-30 00:11 . 2009-01-18 19:51 -------- d-----w- c:\program files\McAfee
    2009-04-15 17:59 . 2009-02-04 00:08 1048 ----a-w- c:\documents and settings\Will\Application Data\wklnhst.dat
    2009-04-14 21:36 . 2009-04-14 21:35 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-04-14 21:33 . 2009-04-14 21:33 -------- d-----w- c:\program files\Bonjour
    2009-03-25 15:06 . 2009-01-18 20:00 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-03-25 15:06 . 2009-01-18 20:00 79880 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-03-25 15:06 . 2009-01-18 20:00 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-03-25 15:06 . 2008-06-27 11:08 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2009-03-25 15:05 . 2009-01-18 19:57 34216 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-19 20:32 . 2009-01-18 22:23 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2007-10-27 21:51 . 2007-10-27 21:51 590262272 ----a-w- c:\program files\Office2007_Blue_Edition.iso
    2006-10-27 23:26 . 2006-10-27 23:26 2480 ----a-w- c:\program files\README.HTM
    .

    ------- Sigcheck -------

    [7] 2008-10-16 19:09 51224 E654B78D2F1D791B30D0ED9A8195EC22 c:\windows\SoftwareDistribution\SelfUpdate\wuauclt.exe
    [-] 2008-10-16 19:09 51224 F27371D51B39CE81F3BA7D8319F6B3DB c:\windows\system32\wuauclt.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
    "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-23 1392640]
    "Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-08-04 1032192]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-09 236544]
    "PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
    "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-24 206064]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-25 282624]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
    Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-12-9 7168]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-9 24576]
    Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-11 525664]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSetActiveDesktop"= 1 (0x1)
    "NoActiveDesktopChanges"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2009-01-18 19:31 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Documents and Settings\\Will\\Desktop\\utorrent.exe"=
    "c:\\Program Files\\Persona\\Persona.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
    "10426:UDP"= 10426:UDP:SingleClick ICC

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
    R2 BCMWLNPF;Broadcom Netgroup Packet Filter;c:\windows\system32\drivers\BCMWLNPF.SYS [12/9/2006 3:24 AM 33664]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [1/18/2009 4:02 PM 210216]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/18/2009 7:47 PM 24652]
    S2 gupdate1c983f1a86a287a;Google Update Service (gupdate1c983f1a86a287a);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2009 6:17 PM 133104]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2009-06-11 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-31 21:50]

    2009-06-11 c:\windows\Tasks\GoogleUpdateTaskMachine.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-01-31 22:16]

    2009-01-20 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2004-08-11 11:00]

    2009-05-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-18 15:53]

    2009-06-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-18 15:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209
    mStart Page = hxxp://www.dell.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    FF - ProfilePath - c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\i2k9aow7.default\
    FF - prefs.js: browser.startup.homepage - dell.myway.com
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\Will\Application Data\Mozilla\Firefox\Profiles\i2k9aow7.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000002.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-10 22:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"= "c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(908)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

    - - - - - - - > 'explorer.exe'(4136)
    c:\program files\McAfee\SiteAdvisor\saHook.dll
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\windows\system32\WLTRYSVC.EXE
    c:\windows\system32\BCMWLTRY.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\program files\Dell Network Assistant\hnm_svc.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    c:\program files\Dell Network Assistant\ezi_hnm2.exe
    c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\AIM6\aolsoftware.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
    .
    **************************************************************************
    .
    Completion time: 2009-06-11 22:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-06-11 02:37

    Pre-Run: 22,049,587,200 bytes free
    Post-Run: 22,035,271,680 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    252
     
  21. 2009/06/10
    willc38

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:41:36 PM, on 6/10/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Dell Network Assistant\hnm_svc.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NetWaiting\netWaiting.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\explorer.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1061209
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Dell Network Assistant.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Google Update Service (gupdate1c983f1a86a287a) (gupdate1c983f1a86a287a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 10720 bytes
     
