GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-15 15:58:23
Windows 5.0.2195 Service Pack 4
---- System - GMER 1.0.14 ----
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xBBCCAF20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xBBC069B5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xBBC06A48]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xBBC06979]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xBBC06A5C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xBBC06A70]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xBBC06AD4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xBBC06AC0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xBBC069F3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xBBC06AFC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xBBC06A34]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xBBC06951]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xBBC06965]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xBBC069C9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xBBC06B39]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xBBC06AAC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xBBC06A98]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xBBC06B25]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xBBC06B11]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xBBC069A1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xBBC0698D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xBBC06A84]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xBBC06A20]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xBBC06AE8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xBBC06A07]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xBBC069DD]
---- Kernel code sections - GMER 1.0.14 ----
.text ntoskrnl.exe!ZwYieldExecution 80432F24 7 Bytes JMP BBC069E1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 804A7172 5 Bytes JMP BBC069B9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 804D00AC 5 Bytes JMP BBC069F7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 804D0D08 5 Bytes JMP BBC06A0B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 804D2AE6 5 Bytes JMP BBC069CD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 804DEB24 5 Bytes JMP BBC06955 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenThread 804DEDE4 5 Bytes JMP BBC06969 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 804DF958 5 Bytes JMP BBC06991 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 804E2264 5 Bytes JMP BBC0697D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 804E32CC 6 Bytes JMP BBC06A24 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 804E7DDA 5 Bytes JMP BBC069A5 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 80511E50 5 Bytes JMP BBC06A4C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 80512214 5 Bytes JMP BBC06A60 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80512430 5 Bytes JMP BBC06A74 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 8051263E 5 Bytes JMP BBC06AD8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80512894 5 Bytes JMP BBC06AC4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 80512D3E 6 Bytes JMP BBC06B00 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwOpenKey 805133F2 5 Bytes JMP BBC06A38 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80513672 5 Bytes JMP BBC06B3D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 80513908 5 Bytes JMP BBC06A9C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 80513BFC 5 Bytes JMP BBC06B15 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80513F9A 5 Bytes JMP BBC06A88 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 80514268 5 Bytes JMP BBC06AEC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8051470A 5 Bytes JMP BBC06B29 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 805148DA 5 Bytes JMP BBC06AB0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- User code sections - GMER 1.0.14 ----
.text C:\WINNT\system32\services.exe[216] ADVAPI32.dll!RegCreateKeyA 7C2E96C8 5 Bytes JMP 02E30056
.text C:\WINNT\system32\services.exe[216] ADVAPI32.dll!RegCreateKeyW 7C2E9954 5 Bytes JMP 02E30FCD
.text C:\WINNT\system32\services.exe[216] ADVAPI32.dll!RegCreateKeyExA 7C2ED804 5 Bytes JMP 02E3007D
.text C:\WINNT\system32\services.exe[216] ADVAPI32.dll!RegOpenKeyA 7C2EDC59 5 Bytes JMP 02E30FEF
.text C:\WINNT\system32\services.exe[216] ADVAPI32.dll!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 02E30020
.text C:\WINNT\system32\services.exe[216] ADVAPI32.dll!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 02E3008E
.text C:\WINNT\system32\services.exe[216] ADVAPI32.dll!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 02E3003B
.text C:\WINNT\system32\services.exe[216] ADVAPI32.dll!RegOpenKeyW 7C2F4C09 5 Bytes JMP 02E30FDE
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 02E4000B
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 02E4001C
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 02E4007B
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 02E40097
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 02E40FB8
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 02E40044
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 02E40055
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 02E40F8C
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 02E40F13
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!CreateNamedPipeA 7C591C5F 1 Byte [ E9 ]
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!CreateNamedPipeA + 2 7C591C61 3 Bytes [ F3, 8A, 86 ]
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 02E40FD4
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 02E40F7B
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 02E400D1
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 02E40F24
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 02E400C0
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 02E40F5C
.text C:\WINNT\system32\services.exe[216] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 02E40F40
.text C:\WINNT\system32\services.exe[216] WS2_32.DLL!socket 7503353D 5 Bytes JMP 02E10FE5
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 01350FEF
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 01350FD3
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 01350075
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 01350091
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 01350FA7
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 01350027
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 01350053
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 01350064
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 01350F0A
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 0135000B
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 01350FB8
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 01350F75
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 01350F42
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 01350F26
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 013500BA
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 01350F64
.text C:\WINNT\system32\lsass.exe[228] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 01350F53
.text C:\WINNT\system32\lsass.exe[228] ADVAPI32.DLL!RegCreateKeyA 7C2E96C8 5 Bytes JMP 01340052
.text C:\WINNT\system32\lsass.exe[228] ADVAPI32.DLL!RegCreateKeyW 7C2E9954 5 Bytes JMP 01340FBD
.text C:\WINNT\system32\lsass.exe[228] ADVAPI32.DLL!RegCreateKeyExA 7C2ED804 5 Bytes JMP 01340063
.text C:\WINNT\system32\lsass.exe[228] ADVAPI32.DLL!RegOpenKeyA 7C2EDC59 4 Bytes JMP 0134000B
.text C:\WINNT\system32\lsass.exe[228] ADVAPI32.DLL!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 0134002D
.text C:\WINNT\system32\lsass.exe[228] ADVAPI32.DLL!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 01340074
.text C:\WINNT\system32\lsass.exe[228] ADVAPI32.DLL!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 01340FDA
.text C:\WINNT\system32\lsass.exe[228] ADVAPI32.DLL!RegOpenKeyW 7C2F4C09 4 Bytes JMP 0134001C
.text C:\WINNT\system32\lsass.exe[228] WS2_32.DLL!socket 7503353D 5 Bytes JMP 01320FEF
.text C:\WINNT\system32\svchost.exe[396] ADVAPI32.DLL!RegCreateKeyA 7C2E96C8 5 Bytes JMP 00BD003A
.text C:\WINNT\system32\svchost.exe[396] ADVAPI32.DLL!RegCreateKeyW 7C2E9954 5 Bytes JMP 00BD0FB1
.text C:\WINNT\system32\svchost.exe[396] ADVAPI32.DLL!RegCreateKeyExA 7C2ED804 5 Bytes JMP 00BD0057
.text C:\WINNT\system32\svchost.exe[396] ADVAPI32.DLL!RegOpenKeyA 7C2EDC59 5 Bytes JMP 00BD0FEF
.text C:\WINNT\system32\svchost.exe[396] ADVAPI32.DLL!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 00BD0FD3
.text C:\WINNT\system32\svchost.exe[396] ADVAPI32.DLL!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 00BD0072
.text C:\WINNT\system32\svchost.exe[396] ADVAPI32.DLL!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 00BD0FC2
.text C:\WINNT\system32\svchost.exe[396] ADVAPI32.DLL!RegOpenKeyW 7C2F4C09 5 Bytes JMP 00BD000B
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 00BE0FEF
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 00BE0FD3
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 00BE008E
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 00BE009F
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 00BE0027
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 00BE0038
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 00BE0057
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 00BE0072
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 00BE0110
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 00BE0FB8
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 00BE0016
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 00BE00B0
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 00BE0F52
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 00BE00FF
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!GetStartupInfoW 7C596B15 3 Bytes JMP 00BE00D2
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!GetStartupInfoW + 4 7C596B19 1 Byte [ 84 ]
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 00BE00C1
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 00BE00E3
.text C:\WINNT\system32\svchost.exe[396] WS2_32.dll!socket 7503353D 5 Bytes JMP 00BB0FEF
.text C:\WINNT\System32\svchost.exe[460] ADVAPI32.DLL!RegCreateKeyA 7C2E96C8 5 Bytes JMP 00F60F8C
.text C:\WINNT\System32\svchost.exe[460] ADVAPI32.DLL!RegCreateKeyW 7C2E9954 5 Bytes JMP 00F60015
.text C:\WINNT\System32\svchost.exe[460] ADVAPI32.DLL!RegCreateKeyExA 7C2ED804 5 Bytes JMP 00F60F65
.text C:\WINNT\System32\svchost.exe[460] ADVAPI32.DLL!RegOpenKeyA 7C2EDC59 5 Bytes JMP 00F60FEF
.text C:\WINNT\System32\svchost.exe[460] ADVAPI32.DLL!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 00F60FC2
.text C:\WINNT\System32\svchost.exe[460] ADVAPI32.DLL!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 00F60F4A
.text C:\WINNT\System32\svchost.exe[460] ADVAPI32.DLL!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 00F60FA7
.text C:\WINNT\System32\svchost.exe[460] ADVAPI32.DLL!RegOpenKeyW 7C2F4C09 5 Bytes JMP 00F60FD3
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 00F70FEF
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 00F7000B
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 00F70F94
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 00F70094
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 00F70031
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 00F7004F
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 00F70FA5
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 00F70078
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 00F700E3
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 00F70FD3
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 00F70FC2
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 00F700A5
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 00F70F36
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 00F70F25
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 00F700D2
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 00F70F78
.text C:\WINNT\System32\svchost.exe[460] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 00F70F5D
.text C:\WINNT\System32\svchost.exe[460] WS2_32.dll!socket 7503353D 5 Bytes JMP 00F40000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[640] KERNEL32.DLL!LoadLibraryA 7C59026D 5 Bytes JMP 0041BF60 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[640] KERNEL32.DLL!LoadLibraryW 7C59031E 5 Bytes JMP 0041BFE0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 00DE0000
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 00DE001C
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 00DE0060
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 00DE0F60
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 00DE0FA1
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 00DE0F90
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 00DE003A
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 00DE0F71
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 00DE00A9
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 00DE0FE4
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 00DE0FC9
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 00DE0F4F
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 00DE0098
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 00DE0EEB
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 00DE0F18
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 00DE007C
.text C:\WINNT\system32\MSTask.exe[968] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 00DE0EFC
.text C:\WINNT\system32\MSTask.exe[968] ADVAPI32.dll!RegCreateKeyA 7C2E96C8 5 Bytes JMP 00DD0037
.text C:\WINNT\system32\MSTask.exe[968] ADVAPI32.dll!RegCreateKeyW 7C2E9954 5 Bytes JMP 00DD0052
.text C:\WINNT\system32\MSTask.exe[968] ADVAPI32.dll!RegCreateKeyExA 7C2ED804 5 Bytes JMP 00DD0063
.text C:\WINNT\system32\MSTask.exe[968] ADVAPI32.dll!RegOpenKeyA 7C2EDC59 5 Bytes JMP 00DD0000
.text C:\WINNT\system32\MSTask.exe[968] ADVAPI32.dll!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 00DD0026
.text C:\WINNT\system32\MSTask.exe[968] ADVAPI32.dll!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 00DD0FA2
.text C:\WINNT\system32\MSTask.exe[968] ADVAPI32.dll!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 00DD0FD3
.text C:\WINNT\system32\MSTask.exe[968] ADVAPI32.dll!RegOpenKeyW 7C2F4C09 5 Bytes JMP 00DD0FE4
.text C:\WINNT\system32\MSTask.exe[968] WS2_32.DLL!socket 7503353D 5 Bytes JMP 00DB0FE5
.text C:\WINNT\Explorer.EXE[1140] ADVAPI32.DLL!RegCreateKeyA 7C2E96C8 5 Bytes JMP 010B0F9D
.text C:\WINNT\Explorer.EXE[1140] ADVAPI32.DLL!RegCreateKeyW 7C2E9954 5 Bytes JMP 010B0026
.text C:\WINNT\Explorer.EXE[1140] ADVAPI32.DLL!RegCreateKeyExA 7C2ED804 5 Bytes JMP 010B0F8C
.text C:\WINNT\Explorer.EXE[1140] ADVAPI32.DLL!RegOpenKeyA 7C2EDC59 5 Bytes JMP 010B0FEF
.text C:\WINNT\Explorer.EXE[1140] ADVAPI32.DLL!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 010B0FC9
.text C:\WINNT\Explorer.EXE[1140] ADVAPI32.DLL!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 010B004D
.text C:\WINNT\Explorer.EXE[1140] ADVAPI32.DLL!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 010B0FB8
.text C:\WINNT\Explorer.EXE[1140] ADVAPI32.DLL!RegOpenKeyW 7C2F4C09 5 Bytes JMP 010B000B
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 010C0FE4
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 010C0FD3
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 010C0F7A
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 010C0F69
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 010C0017
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 010C0F8B
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 010C0043
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 010C0054
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 010C00AE
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 010C0FC2
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 010C0FA7
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 010C0F3F
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 010C0F01
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 010C0EE5
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 010C0084
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 010C0F2E
.text C:\WINNT\Explorer.EXE[1140] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 010C0F12
.text C:\WINNT\Explorer.EXE[1140] WS2_32.DLL!socket 7503353D 5 Bytes JMP 01090000
.text C:\WINNT\Explorer.EXE[1140] WININET.dll!InternetOpenA 630177D1 5 Bytes JMP 01730000
.text C:\WINNT\Explorer.EXE[1140] WININET.dll!InternetOpenUrlA 63017F9A 5 Bytes JMP 0173002A
.text C:\WINNT\Explorer.EXE[1140] WININET.dll!InternetOpenW 6301A109 5 Bytes JMP 01730FEF
.text C:\WINNT\Explorer.EXE[1140] WININET.dll!InternetOpenUrlW 6301A420 5 Bytes JMP 01730FD3
.text C:\WINNT\system32\svchost.exe[1192] ADVAPI32.DLL!RegCreateKeyA 7C2E96C8 5 Bytes JMP 014C0026
.text C:\WINNT\system32\svchost.exe[1192] ADVAPI32.DLL!RegCreateKeyW 7C2E9954 5 Bytes JMP 014C0F9D
.text C:\WINNT\system32\svchost.exe[1192] ADVAPI32.DLL!RegCreateKeyExA 7C2ED804 5 Bytes JMP 014C0037
.text C:\WINNT\system32\svchost.exe[1192] ADVAPI32.DLL!RegOpenKeyA 7C2EDC59 4 Bytes JMP 014C0FEF
.text C:\WINNT\system32\svchost.exe[1192] ADVAPI32.DLL!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 014C0FD3
.text C:\WINNT\system32\svchost.exe[1192] ADVAPI32.DLL!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 014C0F76
.text C:\WINNT\system32\svchost.exe[1192] ADVAPI32.DLL!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 014C0FC2
.text C:\WINNT\system32\svchost.exe[1192] ADVAPI32.DLL!RegOpenKeyW 7C2F4C09 4 Bytes JMP 014C000B
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 014D0000
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 014D0FD9
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 014D006F
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 014D008B
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 014D0FA2
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 014D002E
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 014D003F
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 014D005E
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 014D00F3
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 014D0FBE
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 014D0011
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 014D00A7
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 014D00E2
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 014D0F35
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 014D0F51
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 014D0F62
.text C:\WINNT\system32\svchost.exe[1192] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 014D00C6
.text C:\WINNT\system32\svchost.exe[1192] WS2_32.dll!socket 7503353D 5 Bytes JMP 014A0000
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!CreateFileA 7C58C243 5 Bytes JMP 00230FE4
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!CreateFileW 7C58C275 5 Bytes JMP 00230FD3
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!VirtualProtect 7C58E9EE 5 Bytes JMP 00230F4D
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!VirtualProtectEx 7C58EA08 5 Bytes JMP 00230F31
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!LoadLibraryA 7C59026D 5 Bytes JMP 00230FB1
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!LoadLibraryW 7C59031E 5 Bytes JMP 00230031
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!LoadLibraryExA 7C59032E 5 Bytes JMP 00230F87
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!LoadLibraryExW 7C590595 5 Bytes JMP 00230F5E
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!GetProcAddress 7C590CF7 5 Bytes JMP 00230ECA
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!CreateNamedPipeA 7C591C5F 5 Bytes JMP 00230FC2
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!CreateNamedPipeW 7C591CCF 5 Bytes JMP 00230020
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!CreatePipe 7C5946A1 5 Bytes JMP 00230F20
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!CreateProcessA 7C595040 5 Bytes JMP 00230077
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!CreateProcessW 7C596981 5 Bytes JMP 00230093
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!GetStartupInfoW 7C596B15 5 Bytes JMP 00230EF7
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!GetStartupInfoA 7C596BAA 5 Bytes JMP 0023005B
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] KERNEL32.dll!WinExec 7C59752A 5 Bytes JMP 00230EE6
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] ADVAPI32.dll!RegCreateKeyA 7C2E96C8 5 Bytes JMP 00240025
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] ADVAPI32.dll!RegCreateKeyW 7C2E9954 5 Bytes JMP 00240F90
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] ADVAPI32.dll!RegCreateKeyExA 7C2ED804 5 Bytes JMP 00240036
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] ADVAPI32.dll!RegOpenKeyA 7C2EDC59 5 Bytes JMP 00240000
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] ADVAPI32.dll!RegOpenKeyExA 7C2EF4C0 5 Bytes JMP 00240FBE
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] ADVAPI32.dll!RegCreateKeyExW 7C2EF8EA 5 Bytes JMP 0024005B
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] ADVAPI32.dll!RegOpenKeyExW 7C2F49B1 5 Bytes JMP 00240FAD
.text C:\PROGRA~1\WINZIP\winzip32.exe[2064] ADVAPI32.dll!RegOpenKeyW 7C2F4C09 5 Bytes JMP 00240FD9
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1140] @ C:\WINNT\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
---- Devices - GMER 1.0.14 ----
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- EOF - GMER 1.0.14 ----