Thanks for your help
Attach log:
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2009 10:29:25 PM
System Uptime: 7/29/2009 3:06:45 AM (29 hours ago)
Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel(R) Pentium(R) 4 CPU 1.80GHz | Socket 478 | 1794/400mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 28 GiB total, 10.382 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP49: 7/5/2009 9:21:32 AM - System Checkpoint
RP50: 7/6/2009 9:54:04 AM - System Checkpoint
RP51: 7/7/2009 10:16:19 AM - System Checkpoint
RP52: 7/8/2009 11:25:42 AM - Installed WinZip 12.1
RP53: 7/9/2009 11:47:52 AM - System Checkpoint
RP54: 7/10/2009 12:47:54 PM - System Checkpoint
RP55: 7/11/2009 1:47:53 PM - System Checkpoint
RP56: 7/12/2009 1:55:40 PM - System Checkpoint
RP57: 7/13/2009 2:56:28 PM - Installed VIPRE Antivirus + Antispyware.
RP58: 7/14/2009 3:00:22 AM - Software Distribution Service 3.0
RP59: 7/14/2009 7:19:53 AM - Installed Windows XP WgaNotify.
RP60: 7/14/2009 3:29:55 PM - Software Distribution Service 3.0
RP61: 7/15/2009 12:48:40 PM - Installed QuickBooks.
RP62: 7/16/2009 3:00:18 AM - Software Distribution Service 3.0
RP63: 7/17/2009 3:18:15 AM - System Checkpoint
RP64: 7/18/2009 4:18:12 AM - System Checkpoint
RP65: 7/19/2009 5:18:14 AM - System Checkpoint
RP66: 7/20/2009 6:18:14 AM - System Checkpoint
RP67: 7/21/2009 8:25:55 AM - System Checkpoint
RP68: 7/22/2009 4:37:54 PM - System Checkpoint
RP69: 7/23/2009 5:02:00 PM - System Checkpoint
RP70: 7/24/2009 5:18:03 PM - System Checkpoint
RP71: 7/25/2009 6:18:04 PM - System Checkpoint
RP72: 7/26/2009 7:18:03 PM - System Checkpoint
RP73: 7/27/2009 8:17:51 PM - System Checkpoint
RP74: 7/28/2009 2:51:45 AM - Installed Roxio Media Manager
RP75: 7/29/2009 3:00:19 AM - Software Distribution Service 3.0
RP76: 7/30/2009 3:03:12 AM - System Checkpoint
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 2 (SP2)
50 FREE MP3s +1 Free Audiobook!
Adobe Acrobat 6.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
ATI - Software Uninstall Utility
ATI Display Driver
BlackBerry Desktop Software 5.0
Broadcom 440x 10/100 Integrated Controller
CCleaner (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Intel(R) Extreme Graphics Driver
Malwarebytes' Anti-Malware
MeridianLink Site Security Certificate
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox (3.0.12)
Mozilla Thunderbird (2.0.0.21)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Nero 6 Ultra Edition
OneSuite Fax 2008
Point 6.2
QuickBooks Premier: Accountant Edition 2008
Quicken Basic 99
Roxio Media Manager
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
SkyCaddie Desktop
SoundMAX
Spybot - Search & Destroy
SupportSoft Assisted Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VIPRE Antivirus + Antispyware
VLC media player 0.9.9
WebFldrs XP
Winamp
Winamp Toolbar
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
WinRAR archiver
WinZip 12.1
==== Event Viewer Messages From Past Week ========
7/29/2009 3:07:52 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
7/26/2009 3:38:04 PM, error: Dhcp [1002] - The IP address lease 192.168.1.103 for the Network Card with network address 000874BA5D04 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
DDS Log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by danm at 8:36:20.89 on Thu 07/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1460 [GMT -6:00]
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated) {964FCE60-0B18-4D30-ADD6-EB178909041C}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\OneSuiteFax\Client\SendMng.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\danm\Local Settings\Temporary Internet Files\Content.IE5\RXOJQNMF\dds[1].pif
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [cdloader] "c:\documents and settings\danm\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [sendmng] "c:\program files\onesuitefax\client\SendMng.exe"
mRun: [18566564] c:\documents and settings\all users\application data\18566564\18566564.exe
mRun: [SBAMTray] c:\program files\sunbelt software\vipre\SBAMTray.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
StartupFolder: c:\docume~1\danm\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billmi~1.lnk - c:\quickenw\BILLMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\quickenw\QWDLLS.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 4102216276
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\danm\applic~1\mozilla\firefox\profiles\5si78ip7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... pab&query=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
============= SERVICES / DRIVERS ===============
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2009-7-13 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-4-30 93360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2009-7-13 202928]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-7-13 69936]
S0 cerc6;cerc6; [x]
S2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\sunbelt software\vipre\SBAMSvc.exe [2009-6-10 980264]
=============== Created Last 30 ================
2009-07-28 02:52 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-07-28 02:52 <DIR> --d----- c:\program files\Roxio
2009-07-15 14:59 <DIR> --dsh--- c:\documents and settings\danm\IECompatCache
2009-07-15 12:59 <DIR> --d----- c:\program files\common files\supportsoft
2009-07-15 12:49 <DIR> --d----- c:\program files\common files\Intuit
2009-07-15 12:49 <DIR> --d----- c:\program files\Intuit
2009-07-15 12:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2009-07-15 12:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\COMMON FILES
2009-07-15 09:52 <DIR> --dsh--- c:\documents and settings\danm\PrivacIE
2009-07-15 07:25 <DIR> --dsh--- c:\documents and settings\danm\IETldCache
2009-07-14 16:13 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-14 16:13 <DIR> --d----- c:\windows\ie8updates
2009-07-14 16:12 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-14 16:12 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-14 16:09 <DIR> -cd-h--- c:\windows\ie8
2009-07-14 09:26 0 a------- c:\windows\system32\58.tmp
2009-07-13 15:19 69,936 a------- c:\windows\system32\drivers\sbapifs.sys
2009-07-13 15:19 13,360 a------- c:\windows\system32\drivers\sbaphd.sys
2009-07-13 14:59 <DIR> --d----- c:\docume~1\danm\applic~1\Sunbelt
2009-07-13 14:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sunbelt
2009-07-13 14:56 202,928 a------- c:\windows\system32\drivers\sbtis.sys
2009-07-13 14:56 <DIR> --d----- c:\program files\Sunbelt Software
2009-07-13 11:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\18566564
2009-07-13 09:18 0 a------- c:\windows\system32\1F.tmp
2009-07-07 10:40 395 a------- c:\windows\wininit.ini
2009-07-06 17:35 0 a------- c:\windows\system32\F4.tmp
2009-07-03 12:52 0 a------- c:\windows\system32\55F.tmp
==================== Find3M ====================
2009-07-03 11:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-18 15:36 256 a------- c:\documents and settings\danm\pool.bin
2009-06-16 08:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 08:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-10 06:00 68,392 a------- c:\windows\system32\sbbd.exe
2009-06-04 14:04 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-04 00:56 454,656 a------- c:\program files\putty.exe
2009-06-03 22:22 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-03 13:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-07 09:32 345,600 a------- c:\windows\system32\localspl.dll
============= FINISH: 8:36:48.32 ===============
GMER log:
GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-07-30 09:48:49
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xF79B34D0]
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xF79B3520]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[352] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[352] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\winlogon.exe[636] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\winlogon.exe[636] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\services.exe[680] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\services.exe[680] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\lsass.exe[692] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\lsass.exe[692] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[864] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[864] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[956] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[956] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\System32\svchost.exe[1052] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\System32\svchost.exe[1052] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[1108] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1108] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[1196] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1196] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\Explorer.EXE[1220] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\Explorer.EXE[1220] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\System32\alg.exe[1228] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\System32\alg.exe[1228] C:\WINDOWS\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\spoolsv.exe[1416] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\spoolsv.exe[1416] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[1504] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1504] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[1656] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe[1656] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe[2300] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe[2300] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\PROGRA~1\WINZIP\winzip32.exe[2548] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\PROGRA~1\WINZIP\winzip32.exe[2548] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Internet Explorer\IEXPLORE.EXE[3792] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[3436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Tcp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\Udp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \Driver\Tcpip \Device\RawIp sbtis.sys (Sunbelt TDI Inspection System/Sunbelt Software)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----