Jump to content

Lightnin Lad

Members
 View Profile  See their activity

  • Posts

    5

  • Joined

  • Last visited

 Content Type 

Everything posted by Lightnin Lad

  1. Lightnin Lad
    I have decided to go down the route of re-installation. Thanks for all your effort, I hope the bloody Dell recovery software works!!
  2. Lightnin Lad
    Maybe spoke to soon as had a problem with GMER as the @*!# comp keeps crashing! Finally got the log copied and saved - here it is: GMER 1.0.15.15125 - http://www.gmer.net Rootkit scan 2009-10-15 10:18:01 Windows 5.1.2600 Service Pack 3 Running: rkb7fwp5.exe; Driver: C:\DOCUME~1\Ray\LOCALS~1\Temp\fwddapob.sys ---- System - GMER 1.0.15 ---- Code 86E17460 ZwEnumerateKey Code 86EDB058 ZwFlushInstructionCache Code 86E0E8A6 IofCallDriver Code 86E0E3D6 IofCompleteRequest Code 86EDACCD ZwSaveKey Code 86ED9815 ZwSaveKeyEx ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 86E0E8AB .text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 86E0E3DB .text ntkrnlpa.exe!ZwSaveKey 80500D68 5 Bytes JMP 86EDACD2 .text ntkrnlpa.exe!ZwSaveKeyEx 80500D7C 5 Bytes JMP 86ED981A PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 86EDB05C PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 86E17464 ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\stsystra.exe[956] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 018629A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\stsystra.exe[956] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 01861BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\stsystra.exe[956] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 01861B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\stsystra.exe[956] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 01861B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\stsystra.exe[956] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 01861B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 010E29A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 010E1BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 010E1B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 010E1B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 010E1B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Winamp\winampa.exe[1536] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Winamp\winampa.exe[1536] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Winamp\winampa.exe[1536] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Winamp\winampa.exe[1536] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Winamp\winampa.exe[1536] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\Explorer.EXE[1572] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\Explorer.EXE[1572] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\QuickTime\qttask.exe[1976] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\QuickTime\qttask.exe[1976] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\QuickTime\qttask.exe[1976] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\QuickTime\qttask.exe[1976] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\QuickTime\qttask.exe[1976] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\rundll32.exe[2120] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\rundll32.exe[2120] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\rundll32.exe[2120] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\rundll32.exe[2120] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\rundll32.exe[2120] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\winupdate.exe[2148] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\winupdate.exe[2148] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\winupdate.exe[2148] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\winupdate.exe[2148] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\winupdate.exe[2148] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] ADVAPI32.DLL!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] ADVAPI32.DLL!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00F529A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00F51BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00F51B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00F51B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00F51B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\notepad.exe[3672] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\notepad.exe[3672] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\notepad.exe[3672] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\notepad.exe[3672] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) .text C:\WINDOWS\system32\notepad.exe[3672] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366 IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2 IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366 IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00DF5366 IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00DF5366 IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DF52B2 IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DF524D IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00DF521B IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00DF5366 IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 00DF58D5 IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 00DF562B IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00DF58D5 IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00DF562B IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00DF58D5 IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CF5366 IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CF52B2 IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CF524D IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CF521B IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00CF52B2 IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CF5366 IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00CF52B2 IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00CF524D IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00CF562B IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00CF58D5 IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00CF58D5 IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00CF562B IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00CF58D5 IAT C:\WINDOWS\system32\svchost.exe[908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0101521B IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FD5366 IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FD52B2 IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FD524D IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FD521B IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00FD562B IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00FD58D5 IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00FD58D5 IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00FD562B IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00FD58D5 IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00FD5366 IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 02055366 IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 020552B2 IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0205524D IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0205521B IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0205562B IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 020558D5 IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 020558D5 IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0205562B IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 020558D5 IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 02055366 IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00145366 IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001452B2 IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014524D IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014521B IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0014562B IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001458D5 IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001458D5 IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0014562B IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001458D5 IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00145366 IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00075366 IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000752B2 IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0007524D IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0007521B IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 000758D5 IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 000758D5 IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0007562B IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0007562B IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 000758D5 IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00075366 IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\Explorer.EXE [uSER32.dll!TranslateMessage] 00CB58D5 IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CB5366 IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CB52B2 IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CB524D IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CB521B IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00CB562B IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00CB58D5 IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00CB58D5 IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00CB58D5 IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00CB562B IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CB5366 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CreateWindowExA] [00417004] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\wininet.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\wininet.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExA] [00417004] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\userenv.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\userenv.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366 IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2 IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366 IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00075366 IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000752B2 IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0007524D IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0007521B IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 000758D5 IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0007562B IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 000758D5 IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0007562B IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 000758D5 IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00075366 IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\OLE32.DLL [uSER32.dll!GetClipboardData] 0013562B IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\OLE32.DLL [uSER32.dll!TranslateMessage] 001358D5 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366 IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2 IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366 IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366 IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2 IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366 IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00085366 IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000852B2 IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008524D IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0008521B IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0008562B IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 000858D5 IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 000858D5 IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 000858D5 IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0008562B IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00085366 IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2 IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5 IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366 IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366 IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2 IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5 IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\drivers\UACxfyabwqvnc.sys (*** hidden *** ) [sYSTEM] UACd.sys <-- ROOTKIT !!! ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxfyabwqvnc.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxfyabwqvnc.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACynxbdworvm.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACkpyymfoewb.dat Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACjoqompiqwm.log Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxfyabwqvnc.sys Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxfyabwqvnc.sys Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACynxbdworvm.dll Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACkpyymfoewb.dat Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACjoqompiqwm.log ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Ray\Local Settings\Temp\UAC9651.tmp 343040 bytes executable File C:\Documents and Settings\Ray\ntuser.dll 25088 bytes executable File C:\Documents and Settings\Ray\Start Menu\Programs\Startup\scandisk.dll 25088 bytes executable File C:\Documents and Settings\Ray\Start Menu\Programs\Startup\scandisk.lnk 645 bytes File C:\drivers\system\onboard\SP\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526} 0 bytes File C:\drivers\system\onboard\SP\{F1DD4DED-15FD-4B70-B318-1FDDE337F30E} 0 bytes ---- EOF - GMER 1.0.15 ---- This infection seems to keep changing my wallpaper background now, informing me that 'System is infected' I know its only a minor thing but its bloomin annoying. Do these logs tell you what virus this is? It seems particularly nasty. Attach.zip
  3. Lightnin Lad
    Sorry for the delay, but I am now having to follow your instructions and post replies from a different computer because Internet Explorer will not open on mine anymore As a precaution I have disconnected this machine from the internet. On a positive note, DDS now runs!! so we may be getting somewhere Here is the first log: DDS (Ver_09-07-30.01) - NTFSx86 Run by Ray at 16:12:43.56 on 14/10/2009 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.658 [GMT 1:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\stsystra.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe C:\WINDOWS\system32\winupdate.exe C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe C:\DOCUME~1\Ray\LOCALS~1\Temp\winamp.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Logitech\SetPoint\KEM.exe C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE C:\Documents and Settings\Ray\Local Settings\Temp\notepad.exe C:\Documents and Settings\Ray\Local Settings\Temp\notepad.exe C:\Documents and Settings\Ray\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.liverpoolfc.tv/ uSearch Bar = uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4060911 uInternet Connection Wizard,ShellNext = iexplore mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe, BHO: c:\windows\system32\kn7sep.dll: {a249bc15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\kn7sep.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll uRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU" uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [PopRock] c:\docume~1\ray\locals~1\temp\b.exe uRun: [mserv] c:\documents and settings\ray\application data\svcst.exe uRun: [svchost] c:\documents and settings\ray\application data\svcst.exe uRun: [calc] rundll32.exe c:\docume~1\ray\ntuser.dll,_IWMPEvents@0 uRun: [Login Software 2009] c:\docume~1\ray\locals~1\temp\cvjcx.exe uRun: [Yjafosi8kdf98winmdkmnkmfnwe] c:\docume~1\ray\locals~1\temp\winamp.exe mRun: [sigmatelSysTrayApp] stsystra.exe mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220" mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [net] "c:\windows\system32\net.net" mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0 mRun: [winupdate.exe] c:\windows\system32\winupdate.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe uPolicies-explorer: NoSetActiveDesktop = 1 (0x1) uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) uPolicies-explorer: NoFolderOptions = 1 (0x1) uPolicies-explorer: ForceClassicControlPanel = 1 (0x1) uPolicies-system: DisableTaskMgr = 1 (0x1) uPolicies-system: DisableRegistryTools = 1 (0x1) mPolicies-explorer: NoSetActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236955019561 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll STS: c:\windows\system32\kn7sep.dll: {a249bc15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\kn7sep.dll ============= SERVICES / DRIVERS =============== S2 Active Common Service;Active Common Service;c:\windows\system32\commserv.exe --> c:\windows\system32\commserv.exe [?] S2 gupdate1c9b36c43521524;Google Update Service (gupdate1c9b36c43521524);c:\program files\google\update\GoogleUpdate.exe [2009-4-2 133104] S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?] S4 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992] =============== Created Last 30 ================ 2009-10-14 09:24 10,730 a------- c:\docume~1\alluse~1\applic~1\seqe.com 2009-10-06 13:54 18,516 a------- c:\program files\common files\ihegon.dll 2009-10-06 13:54 17,280 a------- c:\windows\ypeb.inf 2009-10-06 13:54 16,756 a------- c:\windows\uxaferuw.exe 2009-10-06 13:54 16,301 a------- c:\docume~1\alluse~1\applic~1\uboz.scr 2009-10-06 13:54 15,895 a------- c:\docume~1\ray\applic~1\ykimu.bat 2009-10-06 13:54 15,605 a------- c:\docume~1\alluse~1\applic~1\fyregapi.com 2009-10-06 13:54 15,456 a------- c:\program files\common files\byjamykuzi.scr 2009-10-06 13:54 15,436 a------- c:\program files\common files\wokileneb.bin 2009-10-06 13:54 15,027 a------- c:\docume~1\alluse~1\applic~1\gybevyka.scr 2009-10-06 13:54 12,842 a------- c:\docume~1\alluse~1\applic~1\dehigeqex.dll 2009-10-06 13:54 11,548 a------- c:\windows\vywetid.reg 2009-10-06 13:54 11,519 a------- c:\windows\usoxypuq.scr 2009-10-06 13:54 10,718 a------- c:\windows\awonef.com 2009-10-06 13:54 10,556 a------- c:\windows\odimi.dat 2009-10-06 13:51 166,400 a------- c:\windows\system32\_scui.cpl 2009-10-06 13:51 228,976 a------- c:\docume~1\ray\applic~1\lizkavd.exe 2009-10-06 13:51 <DIR> --d----- c:\program files\AntivirusPro_2010 2009-10-06 13:51 0 a------- c:\windows\system32\winhelper.dll 2009-10-06 13:51 0 a------- c:\windows\system32\AVR09.exe 2009-10-06 13:13 831 a------- c:\windows\system32\critical_warning.html 2009-10-06 13:13 45,568 a------- c:\windows\system32\winupdate.exe 2009-10-06 13:13 45,568 a------- C:\pjrvs.exe 2009-10-06 13:13 71,168 a------- C:\uccxui.exe 2009-10-06 13:13 15,000 a------- c:\windows\system32\kn7sep.dll 2009-10-06 13:13 10,752 a------- C:\cgcxo.exe 2009-10-02 13:32 72,704 a------- c:\windows\system32\drivers\gasfkyeecxnrjb.sys 2009-10-02 13:32 15,000 a------- c:\windows\system32\goe33c2es4.dll 2009-10-02 13:32 19,456 a------- C:\ekffax.exe 2009-10-02 13:32 6,144 a------- C:\avjelge.exe 2009-10-02 13:32 275,456 a------- c:\docume~1\ray\applic~1\seres.exe 2009-10-02 13:32 0 a------- c:\docume~1\ray\applic~1\svcst.exe 2009-10-02 13:32 320,000 a------- c:\windows\system32\~.exe 2009-09-24 13:55 1 a------- c:\windows\system32\jc.dat 2009-09-24 13:55 1 a------- c:\windows\system32\idm.dat 2009-09-24 13:55 1 a------- c:\windows\system32\c2d.dat 2009-09-24 11:44 44,544 a------- c:\windows\system32\igfx0.dll 2009-09-24 11:44 28,323 a------- c:\windows\system32\glhg 2009-09-24 11:44 664 a------- c:\windows\system32\d3d9caps.dat 2009-09-22 15:20 <DIR> --d-h--- c:\windows\PIF 2009-09-22 09:32 <DIR> --d----- c:\program files\Trend Micro 2009-09-21 16:46 <DIR> --d----- c:\docume~1\ray\applic~1\Malwarebytes 2009-09-21 16:46 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-21 16:46 19,160 a------- c:\windows\system32\drivers\mbam.sys 2009-09-21 16:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware 2009-09-21 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes 2009-09-21 15:20 <DIR> --d----- C:\Autoruns 2009-09-21 15:18 590,280 a------- C:\Autoruns.zip 2009-09-21 14:10 153,600 a------- c:\windows\msa.exe 2009-09-21 14:10 0 a------- c:\windows\win32k.sys 2009-09-21 14:10 36,864 a------- c:\windows\system32\net.net 2009-09-21 13:57 991,658 a------- c:\windows\system32\xa.tmp ==================== Find3M ==================== 2009-08-20 11:43 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-08-05 10:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll 2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll 2009-07-19 14:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll 2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll 2009-07-17 20:01 58,880 -------- c:\windows\system32\dllcache\atl.dll 2008-07-30 15:04 482 a------- c:\docume~1\ray\applic~1\wklnhst.dat 2006-10-02 11:48 88 ---shr-- c:\windows\system32\5B4CCAFDE8.sys 2006-10-31 17:25 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys ============= FINISH: 16:13:54.40 =============== the second log says to zip & attach so I have.
  4. Lightnin Lad
    Hello Blade81' thankyou for the assistance. Here is the Avenger log as you requested: Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully. Completed script processing. ******************* Finished! Terminate. and now the one from Win32kDiag: Running from: C:\Documents and Settings\Ray\desktop\win32kdiag.exe Log file at : C:\Documents and Settings\Ray\Desktop\Win32kDiag.txt Removing all found mount points. Attempting to reset file permissions. WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865 Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\temp\temp Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\tmp\tmp Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Config\Config Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Found mount point : C:\WINDOWS\ftpcache\ftpcache Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ftpcache\ftpcache Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\chsime\applets\applets Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imejp\applets\applets Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imejp98\imejp98 Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\shared\res\res Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0 Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\classes\classes Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\trustlib\trustlib Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Found mount point : C:\WINDOWS\PIF\PIF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PIF\PIF Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Cannot access: C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Cannot access: C:\WINDOWS\system32\dumprep.exe Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Finished!
  5. Lightnin Lad
    My computer runs Windows XP and there appears to be alot of things wrong with it. Task manager is disabled, the anti virus software I was using ( AVG ) has been replaced by something called anti virus pro 2010 which I most definitely did not download or install and the machine crashes several times a day. When I try to run Hijack this to produce a log, I get the message 'Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.' The same goes for MBAM. The only tool that will run is Win32kdiag and the latest log that this has produced follows: Running from: C:\Documents and Settings\Ray\Desktop\Win32kDiag.exe Log file at : C:\Documents and Settings\Ray\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ftpcache\ftpcache Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe [1] 2004-08-04 05:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation) [1] 2008-04-14 01:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe () [1] 2008-04-14 01:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PIF\PIF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe [1] 2004-10-14 19:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation) [1] 2004-11-30 23:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation) [1] 2004-10-14 19:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation) [1] 2004-10-14 19:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation) [1] 2004-10-14 19:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation) [1] 2004-10-14 19:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation) [1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation) [1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation) [1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation) [1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation) [1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB899588\update\update.exe (Microsoft Corporation) [1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation) [1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation) [1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB912945\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB916281\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation) [1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation) [1] 2008-11-15 18:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation) [1] 2007-03-06 02:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation) [1] 2007-11-30 12:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation) [1] 2007-12-03 16:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation) [1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation) [1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation) [1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation) [1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation) [1] 2007-03-06 02:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation) [1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation) [1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation) [1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation) [1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation) [1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation) [1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation) [1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation) [1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation) [1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation) [1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation) [1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation) [1] 2008-11-15 18:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation) [1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation) [1] 2007-03-06 02:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation) [1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation) [1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation) [1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation) [1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation) [1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation) [1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB969497-IE8\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation) [1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation) [1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation) [1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation) [1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation) [1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation) [1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation) [1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation) [1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation) [1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation) [1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation) [1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation) [1] 2008-07-09 08:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe () [1] 2008-07-08 14:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\defbb4f7b4be0d10108061e644c729f6\update\update.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\dumprep.exe [1] 2004-08-04 05:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation) [1] 2008-04-14 01:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation) [1] 2008-04-14 01:12:18 10752 C:\WINDOWS\system32\dumprep.exe () [1] 2004-08-04 05:00:00 10752 C:\i386\dumprep.exe (Microsoft Corporation) Cannot access: C:\WINDOWS\system32\eventlog.dll [1] 2004-08-04 05:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) [1] 2008-04-14 01:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) [1] 2008-04-14 01:11:53 61952 C:\WINDOWS\system32\eventlog.dll () [2] 2008-04-14 01:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) [1] 2004-08-04 05:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation) Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Finished! I am in desperate need of your help!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.