Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » [Active] Computer loading awfully slow--HJT Log

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

[Active] Computer loading awfully slow--HJT Log

Reply
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 20-08-2009, 12:44 PM
Full Member
New Recruit
  
Join Date: May 2006
Posts: 64
dashelter Is a beginner here at D-A-L
Question [Active] Computer loading awfully slow--HJT Log
Please find below my HJT Log dated today August 20.
This PC is running and loading slow.
Please help clean up and speed up. Thanks so much.

Here's HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:26 AM, on 8/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\pacivend.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardLa uncher.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\ swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.v bs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.38.31/ttinst.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O21 - SSODL: Faxisend - {9EAF25B9-1793-4315-8812-A749AE750CD3} - C:\WINDOWS\system32\disonms.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: System Event Dispatcher - Unknown owner - C:\WINDOWS\system32\pacivend.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7694 bytes

Graeme
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 21-08-2009, 02:12 AM
broni's Avatar
Senior Member
  
Join Date: Nov 2004
Posts: 2,268
broni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniture
re: [Active] Computer loading awfully slow--HJT Log
Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming executive file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure, you update Superantispyware, and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: SUPERAntiSpyware.com - Database Definition Information.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: Malwarebytes.org to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15077 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning ! Please, do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 4.
Post fresh HijackThis log.
Do NOT attempt to "fix" anything!


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
__________________
My Home Page
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 21-08-2009, 06:03 PM
Full Member
New Recruit
  
Join Date: May 2006
Posts: 64
dashelter Is a beginner here at D-A-L
Re: [Active] Computer loading awfully slow--HJT Log
Latest HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:06 PM, on 8/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\svcprs32.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\pacivend.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\cfgmng32.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\mdmcls32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\ swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafw] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [dvHighMem] C:\WINDOWS\cfgmng32.exe
O4 - HKLM\..\RunOnce: [ccube_TrustList] "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /trustlist
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.v bs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WMC_WMPDBExport] C:\Program Files\Windows Media Player\wmdbexport.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://a.download.toontown.com/sv1.0.38.31/ttinst.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: Faxisend - {9EAF25B9-1793-4315-8812-A749AE750CD3} - C:\WINDOWS\system32\disonms.dll
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: System Event Dispatcher - Unknown owner - C:\WINDOWS\system32\pacivend.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: WinSock Svchost Manager (WinSvchostManager) - Unknown owner - C:\WINDOWS\system32\svcprs32.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe

--
End of file - 7916 bytes
__________________________________________________ ____

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 08/21/2009 at 09:42 AM

Application Version : 4.27.1002

Core Rules Database Version : 4065
Trace Rules Database Version: 2005

Scan type : Complete Scan
Total Scan Time : 01:54:26

Memory items scanned : 246
Memory threats detected : 0
Registry items scanned : 6399
Registry threats detected : 6
File items scanned : 56237
File threats detected : 0

Adware.MyWebSearch/FunWebProducts
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
________________________________________________


Malwarebytes' Anti-Malware 1.40
Database version: 2670
Windows 5.1.2600 Service Pack 3

8/21/2009 10:39:29 AM
mbam-log-2009-08-21 (10-39-29).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 142423
Time elapsed: 31 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
__________________________________________________ ________

GMER 1.0.15.15077 [iei83ye2[1].exe] - GMER - Rootkit Detector and Remover
Rootkit scan 2009-08-21 12:44:21
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xAA06C6EA]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwCreateSection [0xAA5D2FD2]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xAA06D40B]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xAA06D75C]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xAA06C64E]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xAA06D130]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xAA5D2662]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xAA06D538]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C68 80504504 4 Bytes JMP 92AA06C6

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10086A04 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 100A7774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10086AD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 100A79B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100A7844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 100A83D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 100A7FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100A7AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100A7ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100A7D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100A8E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 100A7B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100A8554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100A8AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 100A8214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 100A90B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100A8D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[296] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100A89E4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C96A04 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 00CB7774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C96AD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 00CB79B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 00CB7844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00CB83D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00CB7FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CB7AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00CB7ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CB7D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CB8E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00CB7B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CB8554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CB8AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 00CB8214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 00CB90B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00CB8D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe[512] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00CB89E4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 029B7774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 029B79B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 029B7844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 029B83D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 029B7FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 029B7AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 029B7ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!send 71AB4C27 5 Bytes JMP 029B7D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 029B8E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 029B7B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!recv 71AB676F 5 Bytes JMP 029B8554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 029B8AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 029B8214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 029B90B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 029B8D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\Explorer.EXE[632] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 029B89E4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10086A04 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 100A7774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10086AD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 100A79B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100A7844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 100A83D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 100A7FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100A7AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100A7ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100A7D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100A8E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 100A7B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100A8554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100A8AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 100A8214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 100A90B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100A8D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\ctfmon.exe[1996] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100A89E4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012E6A04 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 01307774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012E6AD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 013079B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 01307844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 013083D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 01307FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01307AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01307ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01307D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01308E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 01307B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01308554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01308AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 01308214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 013090B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 01308D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe[2224] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 013089E4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10086A04 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 100A7774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10086AD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 100A79B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100A7844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 100A83D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 100A7FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100A7AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100A7ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100A7D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100A8E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 100A7B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100A8554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100A8AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 100A8214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 100A90B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100A8D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XPHWWTUA\iei83ye2[1].exe[2304] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100A89E4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10086A04 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 100A7774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10086AD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 100A79B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100A7844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 100A83D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 100A7FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100A7AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100A7ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100A7D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100A8E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 100A7B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100A8554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100A8AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 100A8214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 100A90B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100A8D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\WINDOWS\system32\wuauclt.exe[2528] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100A89E4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD6A04 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 00BF7774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BD6AD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 00BF79B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 00BF7844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00BF83D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 00BF7FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BF7AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00BF7ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BF7D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BF8E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00BF7B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BF8554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BF8AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 00BF8214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 00BF90B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 00BF8D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2556] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 00BF89E4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10086A04 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 100A7774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10086AD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 100A79B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100A7844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 100A83D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!sendto 71AB2F51 5 Bytes JMP 100A7FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100A7AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 100A7ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!send 71AB4C27 5 Bytes JMP 100A7D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100A8E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 100A7B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100A8554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100A8AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!listen 71AB8CD3 5 Bytes JMP 100A8214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 100A90B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100A8D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2744] ws2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100A89E4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00996A04 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 009B7774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00996AD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 009B79B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 009B7844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 009B83D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 009B7FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 009B7AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 009B7ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!send 71AB4C27 5 Bytes JMP 009B7D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 009B8E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 009B7B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!recv 71AB676F 5 Bytes JMP 009B8554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 009B8AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 009B8214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 009B90B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 009B8D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe[3508] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 009B89E4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10086A04 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 100A7774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10086AD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 100A79B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 100A7844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 100A83D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 100A7FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100A7AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100A7ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100A7D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 100A8E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 100A7B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100A8554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 100A8AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 100A8214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 100A90B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 100A8D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 100A89E4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01F76A04 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] kernel32.dll!GetQueuedCompletionStatus 7C80A7BD 5 Bytes JMP 01F97774 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01F76AD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] Secur32.dll!EncryptMessage 77FEA68D 5 Bytes JMP 01F979B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] Secur32.dll!DecryptMessage 77FEA6DC 5 Bytes JMP 01F97844 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 01F983D4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!sendto 71AB2F51 5 Bytes JMP 01F97FD4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01F97AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 01F97ED4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01F97D64 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01F98E84 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 01F97B74 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01F98554 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01F98AA4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!listen 71AB8CD3 5 Bytes JMP 01F98214 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!WSARecvFrom 71ABF66A 5 Bytes JMP 01F990B4 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!WSASendTo 71AC0AAD 5 Bytes JMP 01F98D34 C:\WINDOWS\system32\keyamsvr.dll
.text C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe[4028] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 5 Bytes JMP 01F989E4 C:\WINDOWS\system32\keyamsvr.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCoSendComplete] [F82650E0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMSetAttributesEx] [F8266F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisInitializeWrapper] [F8266B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMRegisterMiniport] [F82675A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisTerminateWrapper] [F8267180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F8264C60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisClOpenAddressFamily] [F8264B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F8266A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8266460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCoSendComplete] [F82650E0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMSetAttributesEx] [F8266F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F8264C60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisReturnPackets] [F8265B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisInitializeWrapper] [F8266B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisTerminateWrapper] [F8267180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8266BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMRegisterMiniport] [F82675A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8266BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8266460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisReturnPackets] [F8265B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F8266A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMSetAttributesEx] [F8266F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisTerminateWrapper] [F8267180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMRegisterMiniport] [F82675A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisInitializeWrapper] [F8266B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMSetAttributesEx] [F8266F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisInitializeWrapper] [F8266B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMRegisterMiniport] [F82675A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisTerminateWrapper] [F8267180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\TDI.SYS[NDIS.SYS!NdisReturnPackets] [F8265B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisReturnPackets] [F8265B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisTerminateWrapper] [F8267180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisIMAssociateMiniport] [F8266E90] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisIMRegisterLayeredMiniport] [F8267660] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F8266BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisInitializeWrapper] [F8266B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F8266460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisClOpenAddressFamily] [F8264B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisMSetAttributesEx] [F8266F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F8266A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisInitializeWrapper] [F8266B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCoSendComplete] [F82650E0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMSetAttributesEx] [F8266F70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F8264C60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMRegisterMiniport] [F82675A0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisTerminateWrapper] [F8267180] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8266BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F8266A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8266460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCmRegisterAddressFamily] [F8264BC0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisClOpenAddressFamily] [F8264B20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F8266A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8266460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8266BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisReturnPackets] [F8265B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisReturnPackets] [F8265B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8266BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8266460] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F8266A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisReturnPackets] [F8265B70] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8266BD0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F8266A20] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8266460] kmxstart.sys (HIPS Core Driver/CA)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[4016] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Ntfs \Ntfs VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)
Device \FileSystem\Fastfat \Fat A899FD20

AttachedDevice \FileSystem\Fastfat \Fat KmxFile.sys (HIPS File Guard driver/CA)
AttachedDevice \FileSystem\Fastfat \Fat VET-FILT.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32@ {00020420-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid@ {00020424-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32@ {00020424-0000-0000-C000-000000000046}

---- EOF - GMER 1.0.15 ----
________________________________

Also, I got an annoying exclamation reminder of "Updates ready to install" in the tray. I have been installing the same update...apparently, system is not taking it.
___
Awaiting next steps and thanks much.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 22-08-2009, 05:28 AM
broni's Avatar
Senior Member
  
Join Date: Nov 2004
Posts: 2,268
broni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniturebroni is beginning to become part of the furniture
Re: [Active] Computer loading awfully slow--HJT Log
Same computer as this one: [Active] Computer running VERY slow...HJT log ?
__________________
My Home Page
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[Active] Computer running VERY slow...HJT log dashelter Spyware, Adware, Viruses and HijackThis Logs 4 22-08-2009 05:28 AM
[Active] Operating System not loading correctly[HJS log included.] Misora Spyware, Adware, Viruses and HijackThis Logs 26 07-08-2009 10:30 PM
[Active] Online Demo?? Computer slow dotcomphilly Spyware, Adware, Viruses and HijackThis Logs 1 23-07-2009 02:34 AM
[Active] Slow Computer (is it just a case of needing more RAM?) swisspm Spyware, Adware, Viruses and HijackThis Logs 1 23-06-2009 12:05 AM
Slow loading jdorisco Windows XP Help 1 11-01-2006 06:09 PM


All times are GMT +1. The time now is 01:27 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav