Problems - igfxtray.exe, ipwins

Logfile of HijackThis v1.99.1
Scan saved at 2:43:42 AM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HJT\hjths.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
 
GMER Log Part I

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-09 15:37:57
Windows 5.1.2600 Service Pack 2

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FD0FEF
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FD0078
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FD0F83
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FD005B
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FD0F9E
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FD0025
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FD0F41
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FD0089
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FD0F15
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FD0F26
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00FD00C9
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00FD0036
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00FD0FDE
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00FD0F5E
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00FD000A
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00FD0FC3
.text C:\WINDOWS\SYSTEM32\services.exe[708] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00FD00A4
.text C:\WINDOWS\SYSTEM32\services.exe[708] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00A10FCA
.text C:\WINDOWS\SYSTEM32\services.exe[708] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00A10040
.text C:\WINDOWS\SYSTEM32\services.exe[708] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00A1001B
.text C:\WINDOWS\SYSTEM32\services.exe[708] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00A1000A
.text C:\WINDOWS\SYSTEM32\services.exe[708] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00A10F83
.text C:\WINDOWS\SYSTEM32\services.exe[708] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00A10F9E
.text C:\WINDOWS\SYSTEM32\services.exe[708] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00A10FEF
.text C:\WINDOWS\SYSTEM32\services.exe[708] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00A10FB9
.text C:\WINDOWS\SYSTEM32\services.exe[708] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 009E000A
.text C:\WINDOWS\SYSTEM32\services.exe[708] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009B007D
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 009B0F88
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 009B0FA5
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 009B0FB6
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 009B0051
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009B00BC
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009B009F
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009B0F23
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009B0F3E
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 009B00D7
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 009B0062
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 009B000A
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 009B008E
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 009B002C
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 009B001B
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 009B0F59
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009A0FCA
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009A0F7C
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009A0025
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009A0014
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009A0F8D
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009A0FA8
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009A0FB9
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00980FEF
.text C:\WINDOWS\SYSTEM32\svchost.exe[924] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00980014
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00CD0F97
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00CD0FA8
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00CD0082
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00CD0FC3
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00CD0FD4
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00CD00CE
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00CD00B1
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00CD0F64
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00CD0F75
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00CD0F49
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00CD0065
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00CD0014
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00CD0F86
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00CD0040
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00CD0025
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00CD00F3
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00CC0FB2
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00CC0F72
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00CC0FC3
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00CC0FDE
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00CC002F
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00CC0014
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00CC0FEF
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00CC0F8D
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\SYSTEM32\svchost.exe[992] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00CA000A
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 022C0FEF
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 022C0F68
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 022C0F83
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 022C0051
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 022C0F94
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 022C0FAF
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 022C0084
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 022C0F3C
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 022C0F10
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 022C0F21
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 022C0EFF
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 022C0036
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 022C000A
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 022C0F57
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 022C0FCA
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 022C001B
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 022C009F
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01B60036
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01B60087
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01B6001B
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01B6000A
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01B60076
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01B60065
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01B60FEF
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01B60FD4
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01B30000
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 01B30FE5
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 01B40000
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 01B40FC8
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 01B40FE5
.text C:\WINDOWS\SYSTEM32\svchost.exe[1084] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 01B4001B

GMER Log Part II (cont'd)

.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BE0078
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BE005D
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BE0F83
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BE0F9E
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BE0040
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BE0F3A
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BE0F4B
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BE00CC
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BE0F29
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00BE0F18
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00BE0FAF
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00BE0000
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00BE0F68
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00BE0025
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00BE009D
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00BD0F83
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00BD0036
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00BD0025
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00BD0F9E
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00BD0FB9
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00BD000A
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00BD0FD4
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00BB000A
.text C:\WINDOWS\SYSTEM32\svchost.exe[1220] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00BB0025
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007C0000
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007C0F68
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007C005D
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007C004C
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007C0F83
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007C0FC3
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007C0F30
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007C0078
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007C0F15
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007C00B8
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 007C00C9
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 007C0FA8
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 007C0FE5
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 007C0F57
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 007C0FD4
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 007C001B
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 007C009D
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00710025
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00710F9E
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0071000A
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00710FD4
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00710065
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00710040
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00710FEF
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00710FB9
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006E0FE5
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 006E0FD4
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 006F0000
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 006F0FDB
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 006F0011
.text C:\WINDOWS\SYSTEM32\svchost.exe[1256] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 006F002E
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F3C
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F57
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F68
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0025
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0F8D
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F1F
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0067
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A009D
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A008C
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 001A0EE9
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 001A0014
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 001A004C
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 001A0FC3
.text C:\WINDOWS\explorer.exe[1816] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 001A0F0E
.text C:\WINDOWS\explorer.exe[1816] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FC3
.text C:\WINDOWS\explorer.exe[1816] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290F57
.text C:\WINDOWS\explorer.exe[1816] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00290FD4
.text C:\WINDOWS\explorer.exe[1816] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290014
.text C:\WINDOWS\explorer.exe[1816] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290F7C
.text C:\WINDOWS\explorer.exe[1816] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290F8D
.text C:\WINDOWS\explorer.exe[1816] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290FEF
.text C:\WINDOWS\explorer.exe[1816] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FA8
.text C:\WINDOWS\explorer.exe[1816] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 002B0FEF
.text C:\WINDOWS\explorer.exe[1816] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 002B0FD4
.text C:\WINDOWS\explorer.exe[1816] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 002B000A
.text C:\WINDOWS\explorer.exe[1816] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 002B0031
.text C:\WINDOWS\explorer.exe[1816] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01380000
.text C:\WINDOWS\explorer.exe[1816] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 01380011
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0076000A
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007600A7
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00760FB2
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00760096
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00760079
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00760054
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007600DD
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00760F97
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00760F66
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00760109
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 0076011A
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00760FCD
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 0076001B
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 007600C2
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00760FDE
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00760FEF
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 007600EE
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00750036
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00750FA5
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00750025
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00750FE5
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00750FC0
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00750062
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00750000
.text C:\WINDOWS\SYSTEM32\svchost.exe[2240] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00750051
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0062
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F77
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F94
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FA5
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A002C
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F37
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F48
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00D0
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00AB
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 001A0F1C
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 001A003D
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 001A0000
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 001A0073
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 001A001B
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 001A0FCA
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 001A009A
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290FC0
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290087
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0029001B
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00290FE5
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0029006C
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290047
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290000
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0029002C
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 002A0FEF
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 002A000A
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] WININET.dll!InternetOpenA 771C6D2A 5 Bytes JMP 002B0000
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] WININET.dll!InternetOpenUrlA 771C6FDD 5 Bytes JMP 002B0027
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] WININET.dll!InternetOpenW 771D6CF3 5 Bytes JMP 002B0FE5
.text C:\Program Files\Messenger\MSMSGS.EXE[3824] WININET.dll!InternetOpenUrlW 771D7304 5 Bytes JMP 002B0FD4
 
GMER Log Cont'd III

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-03-09 15:37:57
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateProcess
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwDeleteValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRenameKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwSetValueKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution
Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!ZwYieldExecution 80501E51 7 Bytes JMP BA7895BF \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwOpenKey 80573F1D 5 Bytes JMP BA7894EB \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwCreateKey 80579528 5 Bytes JMP BA7894FF \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtCreateFile 8057F5A5 5 Bytes JMP BA789581 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8058049E 5 Bytes JMP BA7895EB \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!NtMapViewOfSection 80580916 7 Bytes JMP BA7895D5 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80581F7D 7 Bytes JMP BA789595 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwSetValueKey 80584921 7 Bytes JMP BA789555 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwDeleteValueKey 8059B19A 7 Bytes JMP BA78953F \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwDeleteKey 8059C6B6 7 Bytes JMP BA789513 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwCreateProcess 805B4A28 5 Bytes JMP BA7895AB \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntoskrnl.exe!ZwRenameKey 80655F85 7 Bytes JMP BA789529 \SystemRoot\system32\drivers\mfehidk.sys

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL [BAFF69B4] tfsnifs.sys
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL [BAFF69B4] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [BAFF66B0] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [BAFF66B0] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [BAFF66B0] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [BAFF66B0] tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_FILE_SYSTEM_CONTROL [BAFF66B0] tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [BAFF684C] tfsnifs.sys

---- EOF - GMER 1.0.12 ----
 
Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 10, 2007 2:41:05 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 10/03/2007
Kaspersky Anti-Virus database records: 279941
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 69290
Number of viruses found: 2
Number of infected objects: 4 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:55:36

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\Nero-7.7.5.1_eng_update.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Owner\Desktop\Nero-7.7.5.1_eng_update.exe RAR: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{9D69E2DD-1C46-409C-AF21-95341DD37605}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{9D69E2DD-1C46-409C-AF21-95341DD37605}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007030920070310\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\NeroDemo12065\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll Infected: not-a-virus:AdWare.Win32.MyWay.v skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{DB6EB82E-5C1F-4557-8D4C-7E6A3880E955}\RP152\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{72507403-2AE1-4875-B057-79A7833EC918}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\default Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\software Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\system Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\system.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\h323log.txt Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\mcafee_11bKMThh6lzCdm9 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_Vzj1vxTqVCvPags Object is locked skipped
C:\WINDOWS\Temp\mcmsc_zxWAabnWCiQlKVc Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
 
Your logs look OK. Does your Earthlink program have an antivirus feature in it?

*Using Windows Explorer, find and delete these files:

C:\Documents and Settings\Owner\Desktop\Nero-7.7.5.1_eng_update.exe
C:\Documents and Settings\Owner\Local Settings\Temp\NeroDemo12065\Toolbar.exe


*Delete this folder:

C:\Program Files\MyWaySA

Reboot and post a fresh HijackThis log.
 
Logfile of HijackThis v1.99.1
Scan saved at 3:22:56 PM, on 3/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Documents and Settings\Owner\Desktop\HJT\hjths.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6028\SiteAdv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6028\SAService.exe
 
Sorry about that. Yes, it has a spam and virus blocker. I have the spam blocker set as medium and the virus blocker enabled.

Thanks again for all your help.
 
Hi,

You already have the McAfee Internet Suite; you do not need Earthlink anymore. McAfee itself is kind of a "bloated" internet security suite; nevertheless, it's not as "bloated" and as bad as Earthlink. I recommend that you uninstall Earthlink because the slowdowns are probably because of a conflict between those 2 programs. If you do not want to uninstall Earthlink, the least you can do is disable Earthlink's antivirus feature so you'll only have one real-time monitor on.
 
Glad we could help. As the problem appears to be resolved, this topic has been archived.

If you need it re-opened, please send me a private message (PM) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.
 