Virus From X-force Generator.exe



Landetta
2009-09-28, 06:51
Hello everyone, today I have gotten a very bad virus from this exe called
Xforce generator.exe. It has caused many problems like random web pages in Google search, can't open HJT, Malwarebytes and other protection programs, and even some programs that have nothing to do with protection! Now the only thing I've been able to do is run GMER, and here is my log:

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-28 00:36:53
Windows 6.1.7600
Running: km0m8vv8.exe; Driver: C:\Users\Landetta\AppData\Local\Temp\pxpdraoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2AAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2A104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2A3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A12634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A12898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2A1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2A958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2A6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2AF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A2B1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A8A579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AAEF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !
.text peauth.sys A0E35C9E 27 Bytes [12, AA, 5D, B1, 77, 00, 2A, ...]
.text peauth.sys A0E35CC2 27 Bytes [12, AA, 5D, B1, 77, 00, 2A, ...]
PAGE peauth.sys A0E3BB9C 71 Bytes [52, 52, FE, 09, 26, 14, 98, ...]
PAGE peauth.sys A0E3BBED 110 Bytes [E1, 79, AB, A0, 67, CB, 35, ...]
PAGE peauth.sys A0E3BE21 100 Bytes [AA, 2F, 7D, 5A, 53, 22, 9B, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Java\jre6\bin\jusched.exe[3584] GDI32.dll!SetTextAlign + BC 758F804E 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[3584] GDI32.dll!GetDCBrushColor + BA 759114B4 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Java\jre6\bin\jusched.exe[3584] USER32.dll!InvalidateRect + F 75B87BD8 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] GDI32.dll!SetTextAlign + BC 758F804E 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] GDI32.dll!GetDCBrushColor + BA 759114B4 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] USER32.dll!InvalidateRect + F 75B87BD8 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\AIM6\aim6.exe[3824] USER32.dll!InvalidateRect + F 75B87BD8 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\AIM6\aim6.exe[3824] GDI32.dll!SetTextAlign + BC 758F804E 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\AIM6\aim6.exe[3824] GDI32.dll!GetDCBrushColor + BA 759114B4 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Xfire\Xfire.exe[4024] kernel32.dll!CreateProcessA 76E52062 5 Bytes JMP 06937E3E C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] kernel32.dll!CreateThread 76EA27FD 5 Bytes JMP 069377E2 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] GDI32.dll!BitBlt 758F7180 5 Bytes JMP 0693725A C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] GDI32.dll!SetTextAlign + BC 758F804E 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Xfire\Xfire.exe[4024] GDI32.dll!GetDCBrushColor + BA 759114B4 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!InvalidateRgn 75B78099 5 Bytes JMP 06937440 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!CreateDialogParamW 75B79BFF 5 Bytes JMP 0693792D C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!GetCursorPos 75B7C198 5 Bytes JMP 06937576 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!SetFocus 75B7CBA9 5 Bytes JMP 0693730A C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!SetForegroundWindow 75B7D3AE 5 Bytes JMP 06937A7B C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!RegisterClassA 75B7E225 5 Bytes JMP 0693774A C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!CreateWindowExW 75B80E51 5 Bytes JMP 06937B13 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!SetWindowPos 75B83581 5 Bytes JMP 069379D1 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!RedrawWindow 75B852A2 5 Bytes JMP 069376A9 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!IsWindowVisible 75B86939 7 Bytes JMP 06937BCC C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!GetDC 75B87041 5 Bytes JMP 0693712B C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!ReleaseDC 75B87055 5 Bytes JMP 069371BF C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!BeginPaint 75B87B87 5 Bytes JMP 06937097 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!InvalidateRect 75B87BC9 5 Bytes JMP 069373A2 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!InvalidateRect + F 75B87BD8 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!TrackPopupMenu 75BA4B3B 5 Bytes JMP 06937D94 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!DialogBoxParamW 75BA564A 5 Bytes JMP 06937889 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!SetCapture 75BA6B2A 5 Bytes JMP 069374DE C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Xfire\Xfire.exe[4024] USER32.dll!WindowFromPoint 75BA6D0C 5 Bytes JMP 0693760E C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4520] kernel32.dll!LoadLibraryA 76EA2864 5 Bytes JMP 01F50463 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4520] kernel32.dll!LoadLibraryW 76EA28B2 5 Bytes JMP 01F50563 C:\Program Files\Xfire\xfire_toucan_39110.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4520] USER32.dll!InvalidateRect + F 75B87BD8 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4520] GDI32.dll!SetTextAlign + BC 758F804E 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4520] GDI32.dll!GetDCBrushColor + BA 759114B4 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Java\jre6\bin\java.exe[5076] USER32.dll!InvalidateRect + F 75B87BD8 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Java\jre6\bin\java.exe[5076] GDI32.dll!SetTextAlign + BC 758F804E 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
.text C:\Program Files\Java\jre6\bin\java.exe[5076] GDI32.dll!GetDCBrushColor + BA 759114B4 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\4BDC2185.x86.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[1804] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B8250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B82494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B65624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B656E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B78573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B74D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B750CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B751A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73B766D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B782CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B78819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B7907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B7E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73B74C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3344] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3344] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3344] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AVG\AVG8\avgtray.exe[3344] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3584] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3584] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3640] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [01EAA623] c:\program files\aim6\services\imApp\ver6_9_17_2\imAppService.dll (imAppService EE Application Service/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[3824] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Xfire\Xfire.exe[4024] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\Program Files\Xfire\Xfire.exe[4024] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4520] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4520] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5052] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5052] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5052] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe[5052] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\4BDC2185.x86.dll
IAT C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Java\jre6\bin\java.exe[5076] @ C:\Windows\system32\SECUR32.DLL [KERNEL32.dll!GetProcAddress] [75175D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\system32\wininit.exe [508] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [556] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [856] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [968] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1036] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1196] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1424] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\System32\spoolsv.exe [1524] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1564] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1760] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [1816] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [1864] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1912] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2592] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [3204] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [3572] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [3584] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3640] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Program Files\AIM6\aim6.exe [3824] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Program Files\Xfire\Xfire.exe [4024] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [4520] 0x35670000
Library \\?\globalroot\Device\__max++>\4BDC2185.x86.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\java.exe [5076] 0x35670000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@IconServiceLib IconCodecService.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DdeSendTimeout 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DesktopHeapLogging 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ShutdownWarningDialogTimeout -1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERNestedWindowLimit 50
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERPostMessageLimit 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@ mnmsrvc
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs avgrsstx.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- EOF - GMER 1.0.15 ----

Also, I'm running a Trend Micro HouseCall at the moment to see if that fixes anything. Any help is appreciated, and thank you in advance.
=======================
Edit:
"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

If the infection prevents HJT from running, please start a topic, make note of the situation and wait for a response. Please do not add logs from other scans. :)

Blade81
2009-10-02, 17:13
Hello,

Please save this (http://download.bleepingcomputer.com/rootrepeal/Win32kDiag.exe) file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.