Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My hijack this log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: My hijack this log

Unread postby Shaba » December 15th, 2008, 9:33 am

So it looks like that there is something hidden.


Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2

  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.

Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other unning programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

Re: My hijack this log

Unread postby Tyro » December 15th, 2008, 11:58 am

Shaba,

Here is the requested information:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-15 10:54:04
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 852C4109 ZwCreateThread

---- Kernel code sections - GMER 1.0.14 ----

PAGE ntkrnlpa.exe!ZwCreateProcess + 3 805CFA1F 2 Bytes [ 7A, 32 ]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\svchost.exe[472] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[472] WININET.dll!InternetReadFile 771C812C 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\FrameworkService.exe[512] WININET.dll!InternetReadFile 771C812C 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\services.exe[1032] WININET.dll!InternetReadFile 771C812C 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\lsass.exe[1044] WININET.dll!InternetReadFile 771C812C 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1268] WININET.dll!InternetReadFile 771C812C 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1376] WININET.dll!InternetReadFile 771C812C 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\System32\svchost.exe[1416] WININET.dll!InternetReadFile 771C812C 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1580] WININET.dll!InternetReadFile 771C812C 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe[1592] WININET.dll!InternetReadFile 771C812C 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\system32\svchost.exe[1672] WININET.dll!InternetReadFile 771C812C 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 3700737C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 3700733E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 370074F0 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 37007436 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 370074B2 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 370073F8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!PeekNamedPipe 7C85F90F 5 Bytes JMP 370073BA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 37007474 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 3700752E C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] WININET.dll!InternetOpenA 771C58F2 5 Bytes JMP 37007816 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] WININET.dll!InternetOpenUrlA 771C5BBE 5 Bytes JMP 370077D8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] WININET.dll!InternetReadFile 771C812C 5 Bytes JMP 3700779A C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!select 71AB2DC0 5 Bytes JMP 37007626 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 3700756C C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 370075E8 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!send 71AB428A 5 Bytes JMP 370075AA C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)
.text C:\WINDOWS\Explorer.EXE[3132] WS2_32.dll!recv 71AB615A 5 Bytes JMP 37007664 C:\WINDOWS\system32\EntApi.dll (EntAPI/Network Associates, Inc)

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs naiavf5x.sys (Anti-Virus File System Filter Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mvstdi5x.sys (Anti-Virus Mini-Firewall Driver/Network Associates, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.14 ----
Tyro
Regular Member
 
Posts: 28
Joined: December 7th, 2008, 11:04 pm

Re: My hijack this log

Unread postby Shaba » December 15th, 2008, 12:07 pm

I'd like you to check a file for malware.
C:\WINDOWS\system32\dfecafbfdbdaeffbca.dll

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Post back results here, please.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My hijack this log

Unread postby Tyro » December 15th, 2008, 12:51 pm

This is the message I received:

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file


I submitted the file via email as the site suggested.
Tyro
Regular Member
 
Posts: 28
Joined: December 7th, 2008, 11:04 pm

Re: My hijack this log

Unread postby Shaba » December 15th, 2008, 12:57 pm

Yes it is likely preventing itself uploading.

Let's check this before we attempt to remove anything:

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following reports in your next reply:

DDS.txt
Attach.txt]
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My hijack this log

Unread postby Tyro » December 15th, 2008, 1:02 pm

Shaba,

I didn't see a prompt for "Optional Scan" but it ran anyway. The requested logs are as follows:

DDS:


DDS (Version 1.0.1) - NTFSx86
Run by farleyd at 11:59:02.39 on Mon 12/15/2008
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer provided by St. John's University
uInternet Connection Wizard,ShellNext = iexplore
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [TP4EX] tp4ex.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [atwtusb] atwtusb.exe beta
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: LogonType = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - c:\program files\lenovo\pkgmgr\\PkgMgr.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: sda.stjohns.edu
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ACNotify - ACNotify.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: dfecafbfdbdaeffbca - c:\windows\system32\dfecafbfdbdaeffbca.dll
Notify: ssqNFXon - ssqNFXon.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\farleyd\applic~1\mozilla\firefox\profiles\l83u6ygw.default\
FF - prefs.js: browser.search.selectedEngine - Creative Commons
FF - prefs.js: browser.startup.homepage - www.google.com

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2008-12-15 10:26 345 a------- c:\windows\gmer.ini
2008-12-14 01:15 81,519 a------- c:\windows\system32\a.exe
2008-12-13 02:00 <DIR> --d----- c:\docume~1\farleyd\applic~1\Uniblue
2008-12-09 12:58 <DIR> --d----- c:\docume~1\farleyd\applic~1\Malwarebytes
2008-12-09 12:58 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-09 12:58 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-09 12:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-09 12:58 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 22:59 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-07 22:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-07 21:55 <DIR> --d----- c:\program files\Trend Micro
2008-12-05 15:41 <DIR> --d----- c:\program files\Lavasoft
2008-12-05 15:40 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-26 22:09 336 a------- C:\log.udt
2008-11-23 12:12 <DIR> --d----- c:\program files\Netflix

==================== Find3M ====================

2008-12-15 10:29 17,408 a------- c:\windows\system32\rpcnetp.exe
2008-12-15 10:29 47,104 a------- c:\windows\system32\rpcnet.dll
2008-10-22 13:10 249,856 a------- c:\windows\system32\pdfmona.dll
2008-10-22 13:10 51,716 a------- c:\windows\system32\pdf995mon.dll
2008-10-02 17:36 32,256 a------- c:\windows\system32\identprv.dll
2008-09-26 07:48 47,104 a------- c:\windows\system32\rpcnet.exe

============= FINISH: 12:00:06.04 ===============


Attach:


==== Installed Programs ======================

Ad-Aware
Adobe Acrobat 7.0 - Tryout Professional - English, Français, Deutsch
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Atmel TPM Driver 3.0.0.15
Bonjour
Brio Quickview
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
DivX Content Uploader
DivX Web Player
DNA
FTDI FTD2XX USB Drivers
Google Earth
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterActual Player
InterVideo WinDVD
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 8
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Joost (tm) Beta 1.0.8
LaserJet 1020 series
Lexmark Software Uninstall
Macromedia Dreamweaver MX
Macromedia Extension Manager
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
mCore
mDriver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
mMHouse
Mozilla Firefox (2.0.0.18)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
mWlsSafe
mXML
Netflix Movie Viewer
Oracle JInitiator 1.3.1.13
OrderReminder HP LaserJet 1020
Pdf995
PowerPlugs: Quotations
PowerPlugs: Transitions and/or 3D Titles
Productivity Center Supplement for ThinkPad
QuickTime
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Skype™ 3.8
Software Installer
Sonic DLA
Sonic Express Labeler
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy
ThinkPad Configuration
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Hotkey Features Setup
ThinkPad Keyboard Customizer Utility
ThinkPad Modem
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad Presentation Director
ThinkPad UltraNav Driver
ThinkPad UltraNav Wizard
ThinkVantage Access Connections
ThinkVantage Active Protection System
TightVNC 1.3.9
TrackPoint Accessibility Features
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB931836)
USB Tablet Manager
VPN Client
Walk-and-Talk
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

==== Event Viewer Messages ===================


==== End Of File ===========================
Tyro
Regular Member
 
Posts: 28
Joined: December 7th, 2008, 11:04 pm

Re: My hijack this log

Unread postby Shaba » December 15th, 2008, 1:36 pm

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Download Avenger by Swandog and unzip it to your Desktop.

Note: This program must be run from an account with Administrator priviledges.

  • Open the Avenger folder and double click Avenger.exe to launch the program.
  • Copy the text in the code box below and Paste it into the Input script here: box.
Code: Select all
Files to delete:
c:\windows\system32\dfecafbfdbdaeffbca.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

  • Ensure the following:
    • Scan for Rootkits is checked.
    • Automatically disable any rootkits found is Unchecked.
  • Press the Execute key.
  • Avenger will now process the script you've pasted (this may involve more than one re-boot), when finished it will produce a log file.
  • Post the log back here please. (it can also be found at C:\avenger.txt)

Post:

- C:\avenger.txt
- a fresh HijackThis log (if you are able to run it)

Let me know if you can't download/run avenger.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My hijack this log

Unread postby Tyro » December 15th, 2008, 4:58 pm

Sorry for the delay, Shaba.

I ran Spybot as directed.

I downloaded Avenger, but it won't run.

I don't think I have administrator privileges on this computer.
Tyro
Regular Member
 
Posts: 28
Joined: December 7th, 2008, 11:04 pm

Re: My hijack this log

Unread postby Shaba » December 16th, 2008, 2:02 am

Yes, it requires admin rights.

Have you tried to rename it and run it afterwards?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My hijack this log

Unread postby Tyro » December 16th, 2008, 6:55 am

I tried that but was still unable to run it.
Tyro
Regular Member
 
Posts: 28
Joined: December 7th, 2008, 11:04 pm

Re: My hijack this log

Unread postby Shaba » December 16th, 2008, 9:37 am

Please try to run it in safe mode and let me know how it went there.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My hijack this log

Unread postby Tyro » December 16th, 2008, 10:32 pm

Shaba,

In safe mode, I was unable to log in with my usual username/password combination.
Tyro
Regular Member
 
Posts: 28
Joined: December 7th, 2008, 11:04 pm

Re: My hijack this log

Unread postby Shaba » December 17th, 2008, 5:21 am

Then we try to temporary disable McAfee and re-download ComboFix:

Please click Start > Run and type in: services.msc
Click OK
In the Services window find: McAfeeFramework
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click Apply, then OK

Repeat step for these:

McShield
McTaskManager

Try again to download combofix or transfer it from usb stick.

Let me know how it went.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: My hijack this log

Unread postby Tyro » December 17th, 2008, 8:36 am

When I click Properties, the window closes, Shaba.

Also, I didn't see McShield or McTaskManager there.
Tyro
Regular Member
 
Posts: 28
Joined: December 7th, 2008, 11:04 pm

Re: My hijack this log

Unread postby Shaba » December 17th, 2008, 8:41 am

OK, then we don't have much alternatives.

Do you have windows CD handy?

I ask because we could try deletion in recovery console.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 270 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware