Hi Adam,
Here are your results:
========== FILES ==========
File/Folder C:\Program Files\ooVoo not found.
File/Folder C:\StubInstaller.exe not found.
File/Folder C:\Program Files\LimeWire not found.
File/Folder C:\Program Files\oovooToolbar not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\StubInstaller.exe not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\ooVoo\ooVoo.exe not found.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04152009_141557
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-15 07:58:33
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF39FC44A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF39FC4E1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF39FC3F8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF39FC40C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF39FC4F5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF39FC521]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF39FC58F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF39FC579]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF39FC48A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF39FC5BB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF39FC4CD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF39FC3D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF39FC3E4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF39FC45E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF39FC5F7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF39FC563]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF39FC54D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF39FC50B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF39FC5E3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF39FC5CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF39FC436]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF39FC422]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF39FC537]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF39FC4B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF39FC5A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF39FC4A0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF39FC474]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C1005B
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C1004A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10F66
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10F83
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C10FAF
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10F3A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C1008C
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C100A7
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C10F0E
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C10EF3
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C10F9E
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C10F55
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C1001B
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\services.exe[688] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C10F29
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C00036
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C0007D
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C00062
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00C00FC0
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [E0, 88] {LOOPNZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\services.exe[688] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C00051
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0FB2
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF003D
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF0011
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF002C
.text C:\WINDOWS\system32\services.exe[688] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0FE3
.text C:\WINDOWS\system32\services.exe[688] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80FEF
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E80F6F
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E80F8A
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E80F9B
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E80058
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E80047
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E80F37
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E80089
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E80F1C
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E800B5
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E80F01
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E80FC0
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E80000
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E80F5E
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E80036
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E8001B
.text C:\WINDOWS\system32\lsass.exe[700] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E800A4
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E70FD4
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E70040
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E70025
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E70F83
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E7000A
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00E70FA8
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [07, 89]
.text C:\WINDOWS\system32\lsass.exe[700] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E70FC3
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E60FB2
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E6003D
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E60022
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E60FCD
.text C:\WINDOWS\system32\lsass.exe[700] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E60011
.text C:\WINDOWS\system32\lsass.exe[700] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D10F4D
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D10F68
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D10F79
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D10F94
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D10FB6
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D10F0B
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D10F26
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D10078
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D10EDF
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D10093
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D10FA5
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D1005D
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D10022
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D10011
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D10EF0
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D00025
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D0007D
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D0000A
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D00FDE
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D0006C
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00D0005B
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D00036
.text C:\WINDOWS\system32\svchost.exe[880] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00CF0053
.text C:\WINDOWS\system32\svchost.exe[880] msvcrt.dll!system 77C293C7 5 Bytes JMP 00CF0038
.text C:\WINDOWS\system32\svchost.exe[880] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00CF0FD9
.text C:\WINDOWS\system32\svchost.exe[880] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00CF000C
.text C:\WINDOWS\system32\svchost.exe[880] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00CF0FC8
.text C:\WINDOWS\system32\svchost.exe[880] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00CF001D
.text C:\WINDOWS\system32\svchost.exe[880] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00CE0FE5
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D70000
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D70F9E
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D7009D
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D70FB9
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D70FCA
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D70051
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D70F70
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D70F8D
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D70109
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D700EE
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D70F4B
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D70062
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D70FE5
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D700AE
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D7002C
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D7001B
.text C:\WINDOWS\system32\svchost.exe[956] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D700D3
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D60FCD
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D6006F
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D60FDE
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D6000A
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D60054
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D60FEF
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00D60039
.text C:\WINDOWS\system32\svchost.exe[956] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D60FA8
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D50055
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D50044
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D50018
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D50029
.text C:\WINDOWS\system32\svchost.exe[956] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D50FDE
.text C:\WINDOWS\system32\svchost.exe[956] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02CE0FEF
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02CE008C
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02CE0F97
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02CE0FA8
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02CE0FB9
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02CE004A
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02CE00D8
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02CE0F86
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02CE0F75
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02CE0104
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 02CE0F5A
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 02CE005B
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02CE000A
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 02CE00A7
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 02CE0039
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 02CE0FDE
.text C:\WINDOWS\System32\svchost.exe[1048] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 02CE00E9
.text C:\WINDOWS\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02CC0FD1
.text C:\WINDOWS\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02CC007D
.text C:\WINDOWS\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02CC0022
.text C:\WINDOWS\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02CC0011
.text C:\WINDOWS\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02CC0FC0
.text C:\WINDOWS\System32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02CC0000
.text C:\WINDOWS\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 02CC0058
.text C:\WINDOWS\System32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02CC0047
.text C:\WINDOWS\System32\svchost.exe[1048] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009B0FB2
.text C:\WINDOWS\System32\svchost.exe[1048] msvcrt.dll!system 77C293C7 5 Bytes JMP 009B003D
.text C:\WINDOWS\System32\svchost.exe[1048] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009B0FCD
.text C:\WINDOWS\System32\svchost.exe[1048] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009B0FEF
.text C:\WINDOWS\System32\svchost.exe[1048] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009B0022
.text C:\WINDOWS\System32\svchost.exe[1048] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009B0FDE
.text C:\WINDOWS\System32\svchost.exe[1048] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009A0FE5
.text C:\WINDOWS\System32\svchost.exe[1048] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02CD0FE5
.text C:\WINDOWS\System32\svchost.exe[1048] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02CD0FCA
.text C:\WINDOWS\System32\svchost.exe[1048] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02CD0000
.text C:\WINDOWS\System32\svchost.exe[1048] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02CD0FAF
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650F83
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00650F94
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0065006E
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650FA5
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0065009D
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F55
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006500E4
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006500C9
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00650F26
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00650047
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00650F72
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00650036
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00650FDB
.text C:\WINDOWS\system32\svchost.exe[1092] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 006500B8
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00640FAF
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00640F5E
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00640F83
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00640F94
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [84, 88]
.text C:\WINDOWS\system32\svchost.exe[1092] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00640025
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00630042
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630FB7
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630FD2
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0063001D
.text C:\WINDOWS\system32\svchost.exe[1092] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0063000C
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C0000
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007C0F72
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007C005D
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007C0F83
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007C0040
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007C0FAF
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 007C0F3A
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007C0082
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C00BF
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C00AE
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007C00DA
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 007C0F94
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007C0FE5
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 007C0F61
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 007C0FD4
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 007C0025
.text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 007C009D
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 007B0FB9
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 007B0F5E
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 007B0FCA
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 007B000A
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 007B0F83
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 007B0FEF
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 007B0F94
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [9B, 88]
.text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 007B001B
.text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 007A0FC8
.text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!system 77C293C7 5 Bytes JMP 007A0049
.text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 007A0FD9
.text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!_open 77C2F566 5 Bytes JMP 007A0000
.text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 007A002E
.text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 007A0011
.text C:\WINDOWS\system32\svchost.exe[1188] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00790000
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1276] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1276] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C90F8A
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C90F9B
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C9007F
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C90062
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C90040
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C90F3E
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C90F65
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C90F12
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C900AB
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C90F01
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C90051
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C9000A
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C90090
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C90FCA
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C9001B
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C90F2D
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C70011
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C70F83
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C70FCA
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C70000
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C70F94
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C70FEF
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00C70036
.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C70FAF
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C60F9C
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C60FB7
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C60FD2
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C60000
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C60027
.text C:\WINDOWS\system32\svchost.exe[1336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C60FE3
.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00C80FDE
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00C80FCD
.text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00C8001E
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01FF0000
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01FF0F4B
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01FF0F66
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01FF0F83
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01FF0F94
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01FF0FC0
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01FF0F0E
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01FF0F1F
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01FF007B
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01FF0EE2
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01FF008C
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01FF0FAF
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01FF0011
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01FF0F30
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01FF0FD1
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01FF0022
.text C:\WINDOWS\Explorer.EXE[1716] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01FF0EFD
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01DE0FBC
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01DE0F86
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01DE0FCD
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01DE0FDE
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01DE0FA1
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01DE0FEF
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01DE0043
.text C:\WINDOWS\Explorer.EXE[1716] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01DE0032
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01D70FCA
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!system 77C293C7 5 Bytes JMP 01D70055
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01D70FE5
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01D70000
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01D7003A
.text C:\WINDOWS\Explorer.EXE[1716] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01D7001D
.text C:\WINDOWS\Explorer.EXE[1716] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01FE0000
.text C:\WINDOWS\Explorer.EXE[1716] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01FE001B
.text C:\WINDOWS\Explorer.EXE[1716] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01FE002C
.text C:\WINDOWS\Explorer.EXE[1716] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01FE0FE5
.text C:\WINDOWS\Explorer.EXE[1716] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01C80000
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90000
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90F6F
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B90F8A
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90F9B
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90FB6
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90058
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B9007F
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B90F43
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B900A1
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B90F12
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B90EED
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B90FC7
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B9001B
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B90F5E
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B9003D
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B9002C
.text C:\WINDOWS\system32\svchost.exe[2520] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B90090
.text C:\WINDOWS\system32\svchost.exe[2520] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00B8001B
.text C:\WINDOWS\system32\svchost.exe[2520] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00B8004A
.text C:\WINDOWS\system32\svchost.exe[2520] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00B80FCA
.text C:\WINDOWS\system32\svchost.exe[2520] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00B8000A
.text C:\WINDOWS\system32\svchost.exe[2520] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00B80F8D
.text C:\WINDOWS\system32\svchost.exe[2520] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[2520] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00B80F9E
.text C:\WINDOWS\system32\svchost.exe[2520] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [D8, 88]
.text C:\WINDOWS\system32\svchost.exe[2520] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00B80FAF
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B70044
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B70FB9
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B70018
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B70033
.text C:\WINDOWS\system32\svchost.exe[2520] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B70FDE
.text C:\WINDOWS\system32\svchost.exe[2520] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BC0FEF
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BC0F77
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BC006C
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BC005B
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BC0F9E
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BC0FAF
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BC0091
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BC0F55
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC00B3
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BC00A2
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BC0EFF
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BC0036
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BC0FD4
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BC0F66
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BC001B
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\svchost.exe[2540] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BC0F2E
.text C:\WINDOWS\system32\svchost.exe[2540] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BB0FCD
.text C:\WINDOWS\system32\svchost.exe[2540] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BB0F90
.text C:\WINDOWS\system32\svchost.exe[2540] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\system32\svchost.exe[2540] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[2540] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BB0043
.text C:\WINDOWS\system32\svchost.exe[2540] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\svchost.exe[2540] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BB0FA1
.text C:\WINDOWS\system32\svchost.exe[2540] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [DB, 88]
.text C:\WINDOWS\system32\svchost.exe[2540] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BB0FB2
.text C:\WINDOWS\system32\svchost.exe[2540] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BA0F9C
.text C:\WINDOWS\system32\svchost.exe[2540] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BA0FB7
.text C:\WINDOWS\system32\svchost.exe[2540] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BA0016
.text C:\WINDOWS\system32\svchost.exe[2540] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\svchost.exe[2540] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BA0027
.text C:\WINDOWS\system32\svchost.exe[2540] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BA0FD2
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260075
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0026005A
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F80
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0026003D
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0026001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600AD
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260090
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600EA
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 002600D9
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00260105
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0026002C
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00260FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00260F65
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00260FAF
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 002600BE
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00350FCD
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0035005E
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00350FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00350FA1
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00350043
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00350FBC
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360050
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] msvcrt.dll!system 77C293C7 5 Bytes JMP 0036003F
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0036001D
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0036002E
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01DD0000
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01DD0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01DD001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01DD0FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[4400] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02CB0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, April 15, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, April 15, 2009 17:24:41
Records in database: 2047528
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 93671
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:46:03
File name / Threat name / Threats count
C:\Stephen Larocque\Local Settings\Temp\WinFixer2006Setup.exe Infected: not-a-virus:AdWare.Win32.DownloadWare.k 1
C:\Stephen Larocque\Local Settings\Temp\WinFixer2006Setup.exe Infected: Trojan-GameThief.Win32.Magania.abjs 1
C:\Stephen Larocque\Local Settings\Temp\WinFixer2006Setup.exe Infected: not-a-virus:FraudTool.Win32.WinAnti 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:52 PM, on 4/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell ... bd=6061025
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lite.rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell ... bd=6061025
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2345660383
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2345648336
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
--
End of file - 10573 bytes
I think that is everything you wanted. I hope this is OK, as I don't want to have to go through that again. About 8 hrs of work total to get these reports. Ha ha.
Kind Regards
steve