Posts posted by Lightnin Lad
Maybe spoke too soon as had a problem with GMER as the @*!# comp keeps crashing! Finally got the log copied and saved - here it is:
GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-15 10:18:01
Windows 5.1.2600 Service Pack 3
Running: rkb7fwp5.exe; Driver: C:\DOCUME~1\Ray\LOCALS~1\Temp\fwddapob.sys
---- System - GMER 1.0.15 ----
Code 86E17460 ZwEnumerateKey
Code 86EDB058 ZwFlushInstructionCache
Code 86E0E8A6 IofCallDriver
Code 86E0E3D6 IofCompleteRequest
Code 86EDACCD ZwSaveKey
Code 86ED9815 ZwSaveKeyEx
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 86E0E8AB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 86E0E3DB
.text ntkrnlpa.exe!ZwSaveKey 80500D68 5 Bytes JMP 86EDACD2
.text ntkrnlpa.exe!ZwSaveKeyEx 80500D7C 5 Bytes JMP 86ED981A
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 86EDB05C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 86E17464
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\stsystra.exe[956] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 018629A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\stsystra.exe[956] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 01861BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\stsystra.exe[956] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 01861B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\stsystra.exe[956] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 01861B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\stsystra.exe[956] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 01861B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 010E29A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 010E1BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 010E1B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 010E1B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 010E1B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Winamp\winampa.exe[1536] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Winamp\winampa.exe[1536] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Winamp\winampa.exe[1536] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Winamp\winampa.exe[1536] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Winamp\winampa.exe[1536] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\Explorer.EXE[1572] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\Explorer.EXE[1572] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\QuickTime\qttask.exe[1976] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\QuickTime\qttask.exe[1976] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\QuickTime\qttask.exe[1976] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\QuickTime\qttask.exe[1976] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\QuickTime\qttask.exe[1976] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\rundll32.exe[2120] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\rundll32.exe[2120] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\rundll32.exe[2120] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\rundll32.exe[2120] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\rundll32.exe[2120] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\winupdate.exe[2148] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\winupdate.exe[2148] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\winupdate.exe[2148] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\winupdate.exe[2148] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\winupdate.exe[2148] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] ADVAPI32.DLL!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] ADVAPI32.DLL!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00F529A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00F51BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00F51B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00F51B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00F51B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\notepad.exe[3672] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\notepad.exe[3672] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\notepad.exe[3672] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\notepad.exe[3672] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
.text C:\WINDOWS\system32\notepad.exe[3672] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366
IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2
IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D
IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B
IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B
IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B
IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00DF5366
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00DF5366
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DF52B2
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DF524D
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00DF521B
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00DF5366
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 00DF58D5
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 00DF562B
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00DF58D5
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00DF562B
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00DF58D5
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CF5366
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CF52B2
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CF524D
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CF521B
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00CF52B2
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CF5366
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00CF52B2
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00CF524D
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00CF562B
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00CF58D5
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00CF58D5
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00CF562B
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00CF58D5
IAT C:\WINDOWS\system32\svchost.exe[908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0101521B
IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FD5366
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FD52B2
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FD524D
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FD521B
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00FD562B
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00FD58D5
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00FD58D5
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00FD562B
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00FD58D5
IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00FD5366
IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 02055366
IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 020552B2
IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0205524D
IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0205521B
IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0205562B
IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 020558D5
IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 020558D5
IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0205562B
IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 020558D5
IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 02055366
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00145366
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001452B2
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014524D
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014521B
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0014562B
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001458D5
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001458D5
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0014562B
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001458D5
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00145366
IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00075366
IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000752B2
IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0007524D
IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0007521B
IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 000758D5
IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 000758D5
IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0007562B
IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0007562B
IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 000758D5
IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00075366
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\Explorer.EXE [uSER32.dll!TranslateMessage] 00CB58D5
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CB5366
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CB52B2
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CB524D
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CB521B
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00CB562B
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00CB58D5
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00CB58D5
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00CB58D5
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00CB562B
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CB5366
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CreateWindowExA] [00417004] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\wininet.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\wininet.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExA] [00417004] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\userenv.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\userenv.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366
IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2
IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D
IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B
IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B
IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B
IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366
IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00075366
IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000752B2
IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0007524D
IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0007521B
IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 000758D5
IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0007562B
IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 000758D5
IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0007562B
IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 000758D5
IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00075366
IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\OLE32.DLL [uSER32.dll!GetClipboardData] 0013562B
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\OLE32.DLL [uSER32.dll!TranslateMessage] 001358D5
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366
IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2
IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D
IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B
IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B
IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366
IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B
IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00085366
IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000852B2
IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008524D
IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0008521B
IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0008562B
IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 000858D5
IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 000858D5
IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 000858D5
IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0008562B
IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00085366
IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D
IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B
IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B
IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5
IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\UACxfyabwqvnc.sys (*** hidden *** ) [sYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxfyabwqvnc.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxfyabwqvnc.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACynxbdworvm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACkpyymfoewb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACjoqompiqwm.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxfyabwqvnc.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxfyabwqvnc.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACynxbdworvm.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACkpyymfoewb.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACjoqompiqwm.log
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Ray\Local Settings\Temp\UAC9651.tmp 343040 bytes executable
File C:\Documents and Settings\Ray\ntuser.dll 25088 bytes executable
File C:\Documents and Settings\Ray\Start Menu\Programs\Startup\scandisk.dll 25088 bytes executable
File C:\Documents and Settings\Ray\Start Menu\Programs\Startup\scandisk.lnk 645 bytes
File C:\drivers\system\onboard\SP\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526} 0 bytes
File C:\drivers\system\onboard\SP\{F1DD4DED-15FD-4B70-B318-1FDDE337F30E} 0 bytes
---- EOF - GMER 1.0.15 ----
This infection seems to keep changing my wallpaper background now, informing me that 'System is infected'. I know it's only a minor thing but it's bloomin' annoying.
Do these logs tell you what virus this is? It seems particularly nasty.
-
Sorry for the delay, but I am now having to follow your instructions and post replies from a different computer because Internet Explorer will not open on mine anymore. As a precaution I have disconnected this machine from the internet.
On a positive note, DDS now runs!! So we may be getting somewhere. Here is the first log:
DDS (Ver_09-07-30.01) - NTFSx86
Run by Ray at 16:12:43.56 on 14/10/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.658 [GMT 1:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
C:\WINDOWS\system32\winupdate.exe
C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe
C:\DOCUME~1\Ray\LOCALS~1\Temp\winamp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Documents and Settings\Ray\Local Settings\Temp\notepad.exe
C:\Documents and Settings\Ray\Local Settings\Temp\notepad.exe
C:\Documents and Settings\Ray\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.liverpoolfc.tv/
uSearch Bar =
uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4060911
uInternet Connection Wizard,ShellNext = iexplore
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: c:\windows\system32\kn7sep.dll: {a249bc15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\kn7sep.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [PopRock] c:\docume~1\ray\locals~1\temp\b.exe
uRun: [mserv] c:\documents and settings\ray\application data\svcst.exe
uRun: [svchost] c:\documents and settings\ray\application data\svcst.exe
uRun: [calc] rundll32.exe c:\docume~1\ray\ntuser.dll,_IWMPEvents@0
uRun: [Login Software 2009] c:\docume~1\ray\locals~1\temp\cvjcx.exe
uRun: [Yjafosi8kdf98winmdkmnkmfnwe] c:\docume~1\ray\locals~1\temp\winamp.exe
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [net] "c:\windows\system32\net.net"
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [winupdate.exe] c:\windows\system32\winupdate.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236955019561
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\kn7sep.dll: {a249bc15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\kn7sep.dll
============= SERVICES / DRIVERS ===============
S2 Active Common Service;Active Common Service;c:\windows\system32\commserv.exe --> c:\windows\system32\commserv.exe [?]
S2 gupdate1c9b36c43521524;Google Update Service (gupdate1c9b36c43521524);c:\program files\google\update\GoogleUpdate.exe [2009-4-2 133104]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S4 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
=============== Created Last 30 ================
2009-10-14 09:24 10,730 a------- c:\docume~1\alluse~1\applic~1\seqe.com
2009-10-06 13:54 18,516 a------- c:\program files\common files\ihegon.dll
2009-10-06 13:54 17,280 a------- c:\windows\ypeb.inf
2009-10-06 13:54 16,756 a------- c:\windows\uxaferuw.exe
2009-10-06 13:54 16,301 a------- c:\docume~1\alluse~1\applic~1\uboz.scr
2009-10-06 13:54 15,895 a------- c:\docume~1\ray\applic~1\ykimu.bat
2009-10-06 13:54 15,605 a------- c:\docume~1\alluse~1\applic~1\fyregapi.com
2009-10-06 13:54 15,456 a------- c:\program files\common files\byjamykuzi.scr
2009-10-06 13:54 15,436 a------- c:\program files\common files\wokileneb.bin
2009-10-06 13:54 15,027 a------- c:\docume~1\alluse~1\applic~1\gybevyka.scr
2009-10-06 13:54 12,842 a------- c:\docume~1\alluse~1\applic~1\dehigeqex.dll
2009-10-06 13:54 11,548 a------- c:\windows\vywetid.reg
2009-10-06 13:54 11,519 a------- c:\windows\usoxypuq.scr
2009-10-06 13:54 10,718 a------- c:\windows\awonef.com
2009-10-06 13:54 10,556 a------- c:\windows\odimi.dat
2009-10-06 13:51 166,400 a------- c:\windows\system32\_scui.cpl
2009-10-06 13:51 228,976 a------- c:\docume~1\ray\applic~1\lizkavd.exe
2009-10-06 13:51 <DIR> --d----- c:\program files\AntivirusPro_2010
2009-10-06 13:51 0 a------- c:\windows\system32\winhelper.dll
2009-10-06 13:51 0 a------- c:\windows\system32\AVR09.exe
2009-10-06 13:13 831 a------- c:\windows\system32\critical_warning.html
2009-10-06 13:13 45,568 a------- c:\windows\system32\winupdate.exe
2009-10-06 13:13 45,568 a------- C:\pjrvs.exe
2009-10-06 13:13 71,168 a------- C:\uccxui.exe
2009-10-06 13:13 15,000 a------- c:\windows\system32\kn7sep.dll
2009-10-06 13:13 10,752 a------- C:\cgcxo.exe
2009-10-02 13:32 72,704 a------- c:\windows\system32\drivers\gasfkyeecxnrjb.sys
2009-10-02 13:32 15,000 a------- c:\windows\system32\goe33c2es4.dll
2009-10-02 13:32 19,456 a------- C:\ekffax.exe
2009-10-02 13:32 6,144 a------- C:\avjelge.exe
2009-10-02 13:32 275,456 a------- c:\docume~1\ray\applic~1\seres.exe
2009-10-02 13:32 0 a------- c:\docume~1\ray\applic~1\svcst.exe
2009-10-02 13:32 320,000 a------- c:\windows\system32\~.exe
2009-09-24 13:55 1 a------- c:\windows\system32\jc.dat
2009-09-24 13:55 1 a------- c:\windows\system32\idm.dat
2009-09-24 13:55 1 a------- c:\windows\system32\c2d.dat
2009-09-24 11:44 44,544 a------- c:\windows\system32\igfx0.dll
2009-09-24 11:44 28,323 a------- c:\windows\system32\glhg
2009-09-24 11:44 664 a------- c:\windows\system32\d3d9caps.dat
2009-09-22 15:20 <DIR> --d-h--- c:\windows\PIF
2009-09-22 09:32 <DIR> --d----- c:\program files\Trend Micro
2009-09-21 16:46 <DIR> --d----- c:\docume~1\ray\applic~1\Malwarebytes
2009-09-21 16:46 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-21 16:46 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-21 16:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-21 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-21 15:20 <DIR> --d----- C:\Autoruns
2009-09-21 15:18 590,280 a------- C:\Autoruns.zip
2009-09-21 14:10 153,600 a------- c:\windows\msa.exe
2009-09-21 14:10 0 a------- c:\windows\win32k.sys
2009-09-21 14:10 36,864 a------- c:\windows\system32\net.net
2009-09-21 13:57 991,658 a------- c:\windows\system32\xa.tmp
==================== Find3M ====================
2009-08-20 11:43 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 10:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll
2009-07-19 14:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 20:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2008-07-30 15:04 482 a------- c:\docume~1\ray\applic~1\wklnhst.dat
2006-10-02 11:48 88 ---shr-- c:\windows\system32\5B4CCAFDE8.sys
2006-10-31 17:25 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys
============= FINISH: 16:13:54.40 ===============
The second log says to zip & attach, so I have.
-
Hello Blade81, thank you for the assistance.
Here is the Avenger log as you requested:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.
Completed script processing.
*******************
Finished! Terminate.
And now the one from Win32kDiag:
Running from: C:\Documents and Settings\Ray\desktop\win32kdiag.exe
Log file at : C:\Documents and Settings\Ray\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\temp\temp
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\assembly\tmp\tmp
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Config\Config
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ftpcache\ftpcache
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\chsime\applets\applets
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp\applets\applets
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imejp98\imejp98
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\ime\shared\res\res
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\classes\classes
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\java\trustlib\trustlib
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\PIF\PIF
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe
Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Cannot access: C:\WINDOWS\system32\dumprep.exe
Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Finished!
-
My computer runs Windows XP and there appear to be a lot of things wrong with it. Task manager is disabled, the anti-virus software I was using (AVG) has been replaced by something called anti virus pro 2010, which I most definitely did not download or install, and the machine crashes several times a day. When I try to run Hijack this to produce a log, I get the message 'Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.' The same goes for MBAM. The only tool that will run is Win32kdiag and the latest log that this has produced follows:
Running from: C:\Documents and Settings\Ray\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Ray\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\temp\temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
[1] 2004-08-04 05:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)
[1] 2008-04-14 01:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()
[1] 2008-04-14 01:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe
[1] 2004-10-14 19:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)
[1] 2004-11-30 23:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 19:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 19:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 19:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)
[1] 2004-10-14 19:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB899588\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)
[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB912945\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB916281\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)
[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 18:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 02:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)
[1] 2007-12-03 16:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 02:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation)
[1] 2008-11-15 18:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)
[1] 2007-03-06 02:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB969497-IE8\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)
[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)
[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)
[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)
[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe ()
[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\defbb4f7b4be0d10108061e644c729f6\update\update.exe (Microsoft Corporation)
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\dumprep.exe
[1] 2004-08-04 05:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)
[1] 2008-04-14 01:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)
[1] 2008-04-14 01:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()
[1] 2004-08-04 05:00:00 10752 C:\i386\dumprep.exe (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 05:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 01:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 01:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 01:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
[1] 2004-08-04 05:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)
Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp
Mount point destination : \Device\__max++>\^
Finished!
I am in desperate need of your help!
Loads of malware,virus, trojans
in Resolved Malware Removal Logs
I have decided to go down the route of re-installation. Thanks for all your effort, I hope the bloody Dell recovery software works!!