For Attach it says:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
...Should I post it with the rest of the .txts, or zip and attach?
DDS
DDS (Ver_09-09-29.01) - NTFSx86
Run by Aaron Ko at 9:01:04.35 on Sat 10/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.779 [GMT -7:00]
AV: Sophos Anti-Virus *On-access scanning enabled* (Updated) {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LMabcoms.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TELUS\TELUS security advisor\Tsa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\program files\steam\steam.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
K:\FIX\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.ca/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: XBTB03748 Class: {1cbc8587-1e29-4c2b-9739-d0e563905b32} - c:\progra~1\e-chor~1\e-chords.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [VZRemoteCommander] c:\program files\sony\vaio zone remote commander\AvRmtCtr.exe
mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Profiler] c:\program files\saitek\software\Profiler.exe
mRun: [SaiSmart] c:\program files\saitek\software\SaiSmart.exe
mRun: [TELUS_eCare_Lite_McciTrayApp] c:\program files\telus_ecare_lite\eCareTrayApp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Auto Auto EPSON Stylus CX3800 Series on sony on TOSHIBA] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /p55 "auto auto epson stylus cx3800 series on sony on toshiba" /o18 "\\toshiba\AutoEPSO" /M "Stylus CX3800"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Auto EPSON Stylus CX3800 Series on HP-KO] c:\windows\system32\spool\drivers\w32x86\3\e_fatiaca.exe /p40 "auto epson stylus cx3800 series on hp-ko" /o34 "\\hp-ko\EPSON Stylus CX3800 Series" /M "Stylus CX3800"
mRun: [Tsa.exe] "c:\program files\telus\telus security advisor\Tsa.exe" /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [realtekc] "c:\documents and settings\nathan ko\application data\gmail\cssxo9416223.exe" 2
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoup~1.lnk - c:\program files\sophos\autoupdate\ALMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://vanmappub.vancouver.ca/download/mgaxctrl.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/Shar ... /cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 4153600093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZI ... b56649.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Ba ... b57213.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/Mi ... b56986.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
============= SERVICES / DRIVERS ===============
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-9-21 110848]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-9-21 38528]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2009-7-20 935208]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2009-9-21 80936]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2009-9-21 98304]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2009-9-11 172032]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 GarenaPEngine;GarenaPEngine;c:\docume~1\nathan~1\locals~1\temp\DCDE0.tmp [2009-9-19 21264]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2007-12-14 55936]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2007-12-14 19456]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-9-21 14976]
=============== Created Last 30 ================
2009-09-21 17:47 130,104 a------- c:\windows\system32\sdccoinstaller.dll
2009-09-21 17:46 <DIR> --d----- c:\program files\common files\Cisco Systems
2009-09-21 17:46 23,552 a------- c:\windows\system32\sophosboottasks.exe
2009-09-21 17:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sophos
2009-09-21 17:44 14,976 a------- c:\windows\system32\drivers\SophosBootDriver.sys
2009-09-21 17:43 38,528 a------- c:\windows\system32\drivers\savonaccessfilter.sys
2009-09-21 17:42 110,848 a------- c:\windows\system32\drivers\savonaccesscontrol.sys
2009-09-21 17:41 <DIR> --d----- c:\program files\Sophos
2009-09-21 17:41 <DIR> --d----- c:\temp\Sophos
2009-09-21 17:40 <DIR> --d----- C:\Temp
2009-09-19 13:46 54,156 a---h--- c:\windows\QTFont.qfn
2009-09-19 13:46 1,409 a------- c:\windows\QTFont.for
2009-09-09 17:43 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
==================== Find3M ====================
2009-09-21 20:35 48,896,544 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-09-21 20:35 1,652,768 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-09-21 20:35 655,940 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-09-21 20:35 155,996 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-08-05 02:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 12:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-05-19 20:55 34 a------- c:\documents and settings\aaron ko\jagex_runescape_preferences.dat
2008-11-07 01:03 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLec.DAT
2008-11-07 01:03 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLds.DAT
2008-10-27 22:41 157,368 a------- c:\docume~1\aaronk~1\applic~1\GDIPFONTCACHEV1.DAT
2008-08-30 21:14 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat
============= FINISH: 9:02:01.04 ===============
GMER
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-03 13:21:26
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\AARONK~1\LOCALS~1\Temp\pxtdypob.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0125949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0125C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0125D3B0]
.text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] ws2_32.dll!send 71AB4C27 5 Bytes JMP 012598E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01259CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sophos\AutoUpdate\ALMon.exe[1572] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01259E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0215949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0215C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WS2_32.dll!send 71AB4C27 5 Bytes JMP 021598E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02159CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02159E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2608] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0215D3B0]
.text C:\program files\steam\steam.exe[2616] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 042B949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\program files\steam\steam.exe[2616] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 042BC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\program files\steam\steam.exe[2616] WS2_32.dll!send 71AB4C27 5 Bytes JMP 042B98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\program files\steam\steam.exe[2616] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 042B9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\program files\steam\steam.exe[2616] WS2_32.dll!recv 71AB676F 5 Bytes JMP 042B9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\program files\steam\steam.exe[2616] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x042BD3B0]
.text C:\WINDOWS\Explorer.EXE[2996] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0174949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\Explorer.EXE[2996] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0174C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\Explorer.EXE[2996] WS2_32.dll!send 71AB4C27 5 Bytes JMP 017498E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\Explorer.EXE[2996] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01749CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\Explorer.EXE[2996] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01749E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\Explorer.EXE[2996] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0174D3B0]
.text C:\WINDOWS\AGRSMMSG.exe[3136] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BE949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\AGRSMMSG.exe[3136] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00BEC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\AGRSMMSG.exe[3136] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00BED3B0]
.text C:\WINDOWS\AGRSMMSG.exe[3136] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00BE98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\AGRSMMSG.exe[3136] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BE9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\AGRSMMSG.exe[3136] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00BE9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DC949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00DCC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00DCD3B0]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00DC98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DC9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3196] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00DC9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\SOUNDMAN.EXE[3240] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CD949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\SOUNDMAN.EXE[3240] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00CDC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\SOUNDMAN.EXE[3240] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00CDD3B0]
.text C:\WINDOWS\SOUNDMAN.EXE[3240] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00CD98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\SOUNDMAN.EXE[3240] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CD9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\SOUNDMAN.EXE[3240] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00CD9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009F949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 009FC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x009FD3B0]
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] ws2_32.dll!send 71AB4C27 5 Bytes JMP 009F98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 009F9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[3264] ws2_32.dll!recv 71AB676F 5 Bytes JMP 009F9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 019B949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 019BC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x019BD3B0]
.text C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] ws2_32.dll!send 71AB4C27 5 Bytes JMP 019B98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 019B9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe[3296] ws2_32.dll!recv 71AB676F 5 Bytes JMP 019B9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0108949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0108C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010898E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01089CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01089E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[3308] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0108D3B0]
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 012C949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 012CC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x012CD3B0]
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] ws2_32.dll!send 71AB4C27 5 Bytes JMP 012C98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012C9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe[3328] ws2_32.dll!recv 71AB676F 5 Bytes JMP 012C9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B3949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00B3C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00B3D3B0]
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00B398E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B39CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe[3360] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00B39E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 037F949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 037FC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x037FD3B0]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] ws2_32.dll!send 71AB4C27 5 Bytes JMP 037F98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 037F9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3388] ws2_32.dll!recv 71AB676F 5 Bytes JMP 037F9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C6949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00C6C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00C6D3B0]
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00C698E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C69CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe[3428] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00C69E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BC949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00BCC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00BCD3B0]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00BC98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BC9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe[3488] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00BC9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0105949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0105C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0105D3B0]
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] ws2_32.dll!send 71AB4C27 5 Bytes JMP 010598E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01059CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[3512] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01059E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 011C949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 011CC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x011CD3B0]
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] ws2_32.dll!send 71AB4C27 5 Bytes JMP 011C98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 011C9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[3552] ws2_32.dll!recv 71AB676F 5 Bytes JMP 011C9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3588] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01CA949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3588] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 01CAC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Windows Defender\MSASCui.exe[3588] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x01CAD3B0]
.text C:\Program Files\Windows Defender\MSASCui.exe[3588] ws2_32.dll!send 71AB4C27 5 Bytes JMP 01CA98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3588] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01CA9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Windows Defender\MSASCui.exe[3588] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01CA9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\Profiler.exe[3620] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C8949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\Profiler.exe[3620] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00C8C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Saitek\Software\Profiler.exe[3620] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00C8D3B0]
.text C:\Program Files\Saitek\Software\Profiler.exe[3620] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00C898E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\Profiler.exe[3620] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C89CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\Profiler.exe[3620] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00C89E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\SaiSmart.exe[3644] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BB949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\SaiSmart.exe[3644] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00BBC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Saitek\Software\SaiSmart.exe[3644] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00BBD3B0]
.text C:\Program Files\Saitek\Software\SaiSmart.exe[3644] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00BB98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\SaiSmart.exe[3644] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BB9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Saitek\Software\SaiSmart.exe[3644] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00BB9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DE949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00DEC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00DED3B0]
.text C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00DE98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DE9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe[3740] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00DE9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\QuickTime\qttask.exe[3764] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0097949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\QuickTime\qttask.exe[3764] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0097C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\QuickTime\qttask.exe[3764] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0097D3B0]
.text C:\Program Files\QuickTime\qttask.exe[3764] ws2_32.dll!send 71AB4C27 5 Bytes JMP 009798E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\QuickTime\qttask.exe[3764] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00979CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\QuickTime\qttask.exe[3764] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00979E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0095949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0095C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0095D3B0]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] ws2_32.dll!send 71AB4C27 5 Bytes JMP 009598E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00959CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3852] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00959E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DD949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00DDC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00DDD3B0]
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00DD98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DD9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3860] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00DD9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DC949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00DCC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00DCD3B0]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00DC98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DC9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3880] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00DC9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0098949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0098C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0098D3B0]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] ws2_32.dll!send 71AB4C27 5 Bytes JMP 009898E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00989CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[3896] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00989E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03F1949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 03F1C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] WS2_32.dll!send 71AB4C27 5 Bytes JMP 03F198E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03F19CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] WS2_32.dll!recv 71AB676F 5 Bytes JMP 03F19E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3972] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x03F1D3B0]
.text C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0261949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 0261C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] WS2_32.dll!send 71AB4C27 5 Bytes JMP 026198E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02619CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] WS2_32.dll!recv 71AB676F 5 Bytes JMP 02619E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\TELUS\TELUS security advisor\Tsa.exe[3988] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x0261D3B0]
.text C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A1949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00A1C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A198E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A19CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A19E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe[4052] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00A1D3B0]
.text C:\WINDOWS\system32\ctfmon.exe[4060] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A8949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\ctfmon.exe[4060] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00A8C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\system32\ctfmon.exe[4060] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00A8D3B0]
.text C:\WINDOWS\system32\ctfmon.exe[4060] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00A898E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\ctfmon.exe[4060] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A89CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\ctfmon.exe[4060] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00A89E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00EA949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00EAC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00EA98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00EA9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00EA9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4084] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00EAD3B0]
.text C:\WINDOWS\system32\notepad.exe[4240] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AE949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4240] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00AEC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\system32\notepad.exe[4240] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00AED3B0]
.text C:\WINDOWS\system32\notepad.exe[4240] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00AE98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4240] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00AE9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4240] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00AE9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03BB949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 03BBC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 3260531D C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
CODE C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x03BBD3B0]
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] ws2_32.dll!send 71AB4C27 5 Bytes JMP 03BB98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 03BB9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[4276] ws2_32.dll!recv 71AB676F 5 Bytes JMP 03BB9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4368] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AE949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4368] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00AEC198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE C:\WINDOWS\system32\notepad.exe[4368] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00AED3B0]
.text C:\WINDOWS\system32\notepad.exe[4368] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00AE98E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4368] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00AE9CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text C:\WINDOWS\system32\notepad.exe[4368] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00AE9E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text K:\FIX\gmer.exe[4616] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C5949C C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text K:\FIX\gmer.exe[4616] ntdll.dll!NtQuerySystemInformation 7C90D92E 5 Bytes JMP 00C5C198 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
CODE K:\FIX\gmer.exe[4616] C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll entry point in "CODE" section [0x00C5D3B0]
.text K:\FIX\gmer.exe[4616] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00C598E0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text K:\FIX\gmer.exe[4616] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C59CB0 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
.text K:\FIX\gmer.exe[4616] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00C59E98 C:\Documents and Settings\Nathan Ko\Application Data\Gmail\Shell32.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)
---- Processes - GMER 1.0.15 ----
Process C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe (*** hidden *** ) 4052
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@realtekc "C:\Documents and Settings\Nathan Ko\Application Data\Gmail\cssxo9416223.exe" 2
---- EOF - GMER 1.0.15 ----