
Loads of malware, viruses, trojans



My computer runs Windows XP and there appears to be a lot of things wrong with it. Task Manager is disabled, the antivirus software I was using (AVG) has been replaced by something called Antivirus Pro 2010 which I most definitely did not download or install, and the machine crashes several times a day. When I try to run HijackThis to produce a log, I get the message 'Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.' The same goes for MBAM. The only tool that will run is Win32kDiag and the latest log that this has produced follows:

Running from: C:\Documents and Settings\Ray\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Ray\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

[1] 2004-08-04 05:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe ()

[1] 2008-04-14 01:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe

[1] 2004-10-14 19:21:58 654848 C:\WINDOWS\$hf_mig$\KB873339\update\update.exe (Microsoft Corporation)

[1] 2004-11-30 23:29:47 654848 C:\WINDOWS\$hf_mig$\KB885250\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 19:34:52 654848 C:\WINDOWS\$hf_mig$\KB885835\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 19:34:52 654848 C:\WINDOWS\$hf_mig$\KB887472\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 19:34:48 654848 C:\WINDOWS\$hf_mig$\KB888113\update\update.exe (Microsoft Corporation)

[1] 2004-10-14 19:21:58 654848 C:\WINDOWS\$hf_mig$\KB891781\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB896358\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB896423\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB896424\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB898461\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB899588\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB899591\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB901214\update\update.exe (Microsoft Corporation)

[1] 2005-02-25 04:35:05 718048 C:\WINDOWS\$hf_mig$\KB904706\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB908519\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB908531\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB911562\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB911567\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB912919\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB912945\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB914388\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB916281\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB917159\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB917344\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB918439\update\update.exe (Microsoft Corporation)

[1] 2005-10-13 00:12:28 716000 C:\WINDOWS\$hf_mig$\KB921883\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 18:18:04 755576 C:\WINDOWS\$hf_mig$\KB923561\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 02:22:56 716000 C:\WINDOWS\$hf_mig$\KB938127-v2-IE7\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 12:20:44 755576 C:\WINDOWS\$hf_mig$\KB946648\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB950760\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB950762\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB950974\update\update.exe (Microsoft Corporation)

[1] 2007-12-03 16:25:31 755576 C:\WINDOWS\$hf_mig$\KB951066\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB951376-v2\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB951698\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB951748\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB951978\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB952004\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB952287\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB952954\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB954459\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB954600\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB955069\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB955839\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 02:22:59 716000 C:\WINDOWS\$hf_mig$\KB956390-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB956572\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB956744\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB956802\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB956803\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB956841\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB956844\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB957097\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB958215\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB958644\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 12:18:51 755576 C:\WINDOWS\$hf_mig$\KB958687\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB958690\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB959426\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB960225\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB960714\update\update.exe (Microsoft Corporation)

[1] 2008-11-15 18:18:04 755576 C:\WINDOWS\$hf_mig$\KB960715\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB960803\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB960859\update\update.exe (Microsoft Corporation)

[1] 2007-03-06 02:22:59 716000 C:\WINDOWS\$hf_mig$\KB961260-IE7\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB961371\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB961373\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB961501\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB963027-IE7\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB967715\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB968537\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB969497-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB969897-IE8\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:22 755576 C:\WINDOWS\$hf_mig$\KB969898\update\update.exe (Microsoft Corporation)

[1] 2007-11-30 13:39:18 755576 C:\WINDOWS\$hf_mig$\KB970238\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB971557\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\$hf_mig$\KB971633\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB971657\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB971961-IE8\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB972260-IE8\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB973346\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB973354\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB973507\update\update.exe (Microsoft Corporation)

[1] 2009-05-26 12:40:52 755576 C:\WINDOWS\$hf_mig$\KB973815\update\update.exe (Microsoft Corporation)

[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\$hf_mig$\KB973869\update\update.exe (Microsoft Corporation)

[1] 2008-07-09 08:38:29 755576 C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe ()

[1] 2008-07-08 14:02:04 755576 C:\WINDOWS\SoftwareDistribution\Download\defbb4f7b4be0d10108061e644c729f6\update\update.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-04 05:00:00 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)

[1] 2008-04-14 01:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()

[1] 2004-08-04 05:00:00 10752 C:\i386\dumprep.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 05:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-14 01:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-14 01:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

[1] 2004-08-04 05:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation)

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Finished!

I am in desperate need of your help! :lol:

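Added example, not from this thread or from the Win32kDiag author: a Python triage pass over a Win32kDiag log of the shape posted above, run on a constructed sample. It flags directories whose mount-point destination is not a `\??\` path (that rule is an assumption of the example, not something the tool states) and inaccessible files whose on-disk size differs from same-dated backup copies, listing the copies that still carry company info as comparison candidates.

```python
import re
from dataclasses import dataclass, field

# Constructed sample shaped like the posted log, with the path list shortened.
SAMPLE_LOG = r"""
Found mount point : C:\WINDOWS\assembly\tmp\tmp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2004-08-04 05:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 01:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 01:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 01:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\dumprep.exe
[1] 2008-04-14 01:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)
[1] 2008-04-14 01:12:18 10752 C:\WINDOWS\system32\dumprep.exe ()
Finished!
"""

MOUNT_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
CANNOT_RE = re.compile(r"^Cannot access: (.+)$")
# [group] date time size path (company) -- company is empty when printed as "()"
COPY_RE = re.compile(r"^\[(\d+)\] (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d+) (.+?) \((.*)\)$")

@dataclass
class FileCopy:
    group: int
    timestamp: str
    size: int
    path: str
    company: str

@dataclass
class Finding:
    kind: str  # "mount_point" or "inaccessible_file"
    path: str
    reasons: list = field(default_factory=list)
    candidates: list = field(default_factory=list)

def parse_log(text):
    """Return (mount_points, blocked): (directory, destination) pairs, and a map
    from each 'Cannot access' path to the FileCopy entries listed beneath it."""
    mount_points, blocked = [], {}
    pending_dir, current = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending_dir, current = m[1], None
        elif m := DEST_RE.match(line):
            if pending_dir is not None:
                mount_points.append((pending_dir, m[1]))
                pending_dir = None
        elif m := CANNOT_RE.match(line):
            current = m[1]
            blocked[current] = []
        elif (m := COPY_RE.match(line)) and current is not None:
            blocked[current].append(FileCopy(int(m[1]), m[2], int(m[3]), m[4], m[5]))
        else:
            current = None  # headers, 'Removing ...', 'Finished!' close a block
    return mount_points, blocked

def triage(mount_points, blocked):
    findings = []
    for directory, dest in mount_points:
        # Assumed heuristic: junctions the OS creates carry a \??\ substitute name
        # (a drive path or \??\Volume{GUID}\). A destination under \Device\ with an
        # invented name, like \Device\__max++>\^ above, hides the directory's contents.
        if not dest.startswith("\\??\\"):
            findings.append(Finding("mount_point", directory, [f"redirects to {dest}"]))
    for path, copies in blocked.items():
        live = [c for c in copies if c.path.lower() == path.lower()]
        backups = [c for c in copies if c.path.lower() != path.lower()]
        if not live:
            findings.append(Finding("inaccessible_file", path, ["no entry for the file itself"]))
            continue
        on_disk = live[0]
        reasons = []
        # Empty company may only mean the version resource was unreadable; a size
        # that differs from same-dated backup copies is the stronger signal.
        if not on_disk.company:
            reasons.append("no company/version info")
        same_date = sorted({b.size for b in backups if b.timestamp == on_disk.timestamp})
        if same_date and on_disk.size not in same_date:
            reasons.append(f"size {on_disk.size} differs from same-dated backups {same_date}")
        # Same-dated copies that still carry company info: compare/restore candidates.
        candidates = [b.path for b in backups if b.company and b.timestamp == on_disk.timestamp]
        findings.append(Finding("inaccessible_file", path, reasons, candidates))
    return findings

def triage_log(text):
    return triage(*parse_log(text))

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f.kind, f.path, f.reasons, f.candidates)
```

On the sample, eventlog.dll is the only file whose live copy is both unreadable and larger than the same-dated ServicePackFiles and logevent.dll copies, which is the pairing the Avenger script below acts on.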

Hi,

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clipboard by highlighting it and then pressing Ctrl+C.
    Files to move:
    C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll


  • In the Avenger window, click the Paste Script from Clipboard button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r


Hello Blade81, thank you for the assistance.

Here is the Avenger log as you requested:

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File move operation "C:\WINDOWS\system32\logevent.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

and now the one from Win32kDiag:

Running from: C:\Documents and Settings\Ray\desktop\win32kdiag.exe

Log file at : C:\Documents and Settings\Ray\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\temp\temp

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\assembly\tmp\tmp

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Config\Config

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ftpcache\ftpcache

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib

Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\chsime\applets\applets

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp\applets\applets

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imejp98\imejp98

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\ime\shared\res\res

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\classes\classes

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\java\trustlib\trustlib

Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\News\News

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\PIF\PIF

Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Cannot access: C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe

Attempting to restore permissions of : C:\WINDOWS\SoftwareDistribution\Download\55ae228715888b68a08f491655790fa6\update\update.exe

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Cannot access: C:\WINDOWS\system32\dumprep.exe

Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Finished!


Thanks for the logs :)

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking the download exe button and then saving it to your desktop:

  • Double-click the .exe that you downloaded.
  • Click the rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log in your reply.


Sorry for the delay, but I am now having to follow your instructions and post replies from a different computer because Internet Explorer will not open on mine anymore ;) As a precaution I have disconnected this machine from the internet.

On a positive note, DDS now runs!! So we may be getting somewhere <_< Here is the first log:

DDS (Ver_09-07-30.01) - NTFSx86

Run by Ray at 16:12:43.56 on 14/10/2009

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.658 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\stsystra.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

C:\WINDOWS\system32\winupdate.exe

C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe

C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe

C:\DOCUME~1\Ray\LOCALS~1\Temp\winamp.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Logitech\SetPoint\KEM.exe

C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE

C:\Documents and Settings\Ray\Local Settings\Temp\notepad.exe

C:\Documents and Settings\Ray\Local Settings\Temp\notepad.exe

C:\Documents and Settings\Ray\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.liverpoolfc.tv/

uSearch Bar =

uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4060911

uInternet Connection Wizard,ShellNext = iexplore

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,

BHO: c:\windows\system32\kn7sep.dll: {a249bc15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\kn7sep.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /M "Stylus Photo R220" /EF "HKCU"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [PopRock] c:\docume~1\ray\locals~1\temp\b.exe

uRun: [mserv] c:\documents and settings\ray\application data\svcst.exe

uRun: [svchost] c:\documents and settings\ray\application data\svcst.exe

uRun: [calc] rundll32.exe c:\docume~1\ray\ntuser.dll,_IWMPEvents@0

uRun: [Login Software 2009] c:\docume~1\ray\locals~1\temp\cvjcx.exe

uRun: [Yjafosi8kdf98winmdkmnkmfnwe] c:\docume~1\ray\locals~1\temp\winamp.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [EPSON Stylus Photo R220 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [net] "c:\windows\system32\net.net"

mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0

mRun: [winupdate.exe] c:\windows\system32\winupdate.exe

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\KEM.exe

uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

uPolicies-explorer: NoFolderOptions = 1 (0x1)

uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

uPolicies-system: DisableTaskMgr = 1 (0x1)

uPolicies-system: DisableRegistryTools = 1 (0x1)

mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236955019561

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

STS: c:\windows\system32\kn7sep.dll: {a249bc15-23f2-42ad-f4e4-00aac39c0004} - c:\windows\system32\kn7sep.dll

============= SERVICES / DRIVERS ===============

S2 Active Common Service;Active Common Service;c:\windows\system32\commserv.exe --> c:\windows\system32\commserv.exe [?]

S2 gupdate1c9b36c43521524;Google Update Service (gupdate1c9b36c43521524);c:\program files\google\update\GoogleUpdate.exe [2009-4-2 133104]

S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]

S4 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]

=============== Created Last 30 ================

2009-10-14 09:24 10,730 a------- c:\docume~1\alluse~1\applic~1\seqe.com

2009-10-06 13:54 18,516 a------- c:\program files\common files\ihegon.dll

2009-10-06 13:54 17,280 a------- c:\windows\ypeb.inf

2009-10-06 13:54 16,756 a------- c:\windows\uxaferuw.exe

2009-10-06 13:54 16,301 a------- c:\docume~1\alluse~1\applic~1\uboz.scr

2009-10-06 13:54 15,895 a------- c:\docume~1\ray\applic~1\ykimu.bat

2009-10-06 13:54 15,605 a------- c:\docume~1\alluse~1\applic~1\fyregapi.com

2009-10-06 13:54 15,456 a------- c:\program files\common files\byjamykuzi.scr

2009-10-06 13:54 15,436 a------- c:\program files\common files\wokileneb.bin

2009-10-06 13:54 15,027 a------- c:\docume~1\alluse~1\applic~1\gybevyka.scr

2009-10-06 13:54 12,842 a------- c:\docume~1\alluse~1\applic~1\dehigeqex.dll

2009-10-06 13:54 11,548 a------- c:\windows\vywetid.reg

2009-10-06 13:54 11,519 a------- c:\windows\usoxypuq.scr

2009-10-06 13:54 10,718 a------- c:\windows\awonef.com

2009-10-06 13:54 10,556 a------- c:\windows\odimi.dat

2009-10-06 13:51 166,400 a------- c:\windows\system32\_scui.cpl

2009-10-06 13:51 228,976 a------- c:\docume~1\ray\applic~1\lizkavd.exe

2009-10-06 13:51 <DIR> --d----- c:\program files\AntivirusPro_2010

2009-10-06 13:51 0 a------- c:\windows\system32\winhelper.dll

2009-10-06 13:51 0 a------- c:\windows\system32\AVR09.exe

2009-10-06 13:13 831 a------- c:\windows\system32\critical_warning.html

2009-10-06 13:13 45,568 a------- c:\windows\system32\winupdate.exe

2009-10-06 13:13 45,568 a------- C:\pjrvs.exe

2009-10-06 13:13 71,168 a------- C:\uccxui.exe

2009-10-06 13:13 15,000 a------- c:\windows\system32\kn7sep.dll

2009-10-06 13:13 10,752 a------- C:\cgcxo.exe

2009-10-02 13:32 72,704 a------- c:\windows\system32\drivers\gasfkyeecxnrjb.sys

2009-10-02 13:32 15,000 a------- c:\windows\system32\goe33c2es4.dll

2009-10-02 13:32 19,456 a------- C:\ekffax.exe

2009-10-02 13:32 6,144 a------- C:\avjelge.exe

2009-10-02 13:32 275,456 a------- c:\docume~1\ray\applic~1\seres.exe

2009-10-02 13:32 0 a------- c:\docume~1\ray\applic~1\svcst.exe

2009-10-02 13:32 320,000 a------- c:\windows\system32\~.exe

2009-09-24 13:55 1 a------- c:\windows\system32\jc.dat

2009-09-24 13:55 1 a------- c:\windows\system32\idm.dat

2009-09-24 13:55 1 a------- c:\windows\system32\c2d.dat

2009-09-24 11:44 44,544 a------- c:\windows\system32\igfx0.dll

2009-09-24 11:44 28,323 a------- c:\windows\system32\glhg

2009-09-24 11:44 664 a------- c:\windows\system32\d3d9caps.dat

2009-09-22 15:20 <DIR> --d-h--- c:\windows\PIF

2009-09-22 09:32 <DIR> --d----- c:\program files\Trend Micro

2009-09-21 16:46 <DIR> --d----- c:\docume~1\ray\applic~1\Malwarebytes

2009-09-21 16:46 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-21 16:46 19,160 a------- c:\windows\system32\drivers\mbam.sys

2009-09-21 16:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-09-21 16:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-09-21 15:20 <DIR> --d----- C:\Autoruns

2009-09-21 15:18 590,280 a------- C:\Autoruns.zip

2009-09-21 14:10 153,600 a------- c:\windows\msa.exe

2009-09-21 14:10 0 a------- c:\windows\win32k.sys

2009-09-21 14:10 36,864 a------- c:\windows\system32\net.net

2009-09-21 13:57 991,658 a------- c:\windows\system32\xa.tmp

==================== Find3M ====================

2009-08-20 11:43 11,952 a------- c:\windows\system32\avgrsstx.dll

2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-05 10:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll

2009-07-19 14:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll

2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll

2009-07-17 20:01 58,880 -------- c:\windows\system32\dllcache\atl.dll

2008-07-30 15:04 482 a------- c:\docume~1\ray\applic~1\wklnhst.dat

2006-10-02 11:48 88 ---shr-- c:\windows\system32\5B4CCAFDE8.sys

2006-10-31 17:25 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:13:54.40 ===============

The second log says to zip & attach, so I have.


Maybe I spoke too soon, as I had a problem with GMER because the @*!# comp keeps crashing! Finally got the log copied and saved - here it is:

GMER 1.0.15.15125 - http://www.gmer.net

Rootkit scan 2009-10-15 10:18:01

Windows 5.1.2600 Service Pack 3

Running: rkb7fwp5.exe; Driver: C:\DOCUME~1\Ray\LOCALS~1\Temp\fwddapob.sys

---- System - GMER 1.0.15 ----

Code 86E17460 ZwEnumerateKey

Code 86EDB058 ZwFlushInstructionCache

Code 86E0E8A6 IofCallDriver

Code 86E0E3D6 IofCompleteRequest

Code 86EDACCD ZwSaveKey

Code 86ED9815 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 86E0E8AB

.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 86E0E3DB

.text ntkrnlpa.exe!ZwSaveKey 80500D68 5 Bytes JMP 86EDACD2

.text ntkrnlpa.exe!ZwSaveKeyEx 80500D7C 5 Bytes JMP 86ED981A

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 86EDB05C

PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 86E17464

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\stsystra.exe[956] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 018629A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\stsystra.exe[956] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 01861BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\stsystra.exe[956] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 01861B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\stsystra.exe[956] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 01861B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\stsystra.exe[956] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 01861B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 010E29A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 010E1BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 010E1B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 010E1B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 010E1B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Winamp\winampa.exe[1536] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Winamp\winampa.exe[1536] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Winamp\winampa.exe[1536] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Winamp\winampa.exe[1536] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Winamp\winampa.exe[1536] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\Explorer.EXE[1572] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\Explorer.EXE[1572] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\QuickTime\qttask.exe[1976] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\QuickTime\qttask.exe[1976] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\QuickTime\qttask.exe[1976] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\QuickTime\qttask.exe[1976] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\QuickTime\qttask.exe[1976] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\rundll32.exe[2120] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\rundll32.exe[2120] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\rundll32.exe[2120] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\rundll32.exe[2120] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\rundll32.exe[2120] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\winupdate.exe[2148] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\winupdate.exe[2148] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\winupdate.exe[2148] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\winupdate.exe[2148] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\winupdate.exe[2148] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] ADVAPI32.DLL!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] ADVAPI32.DLL!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Logitech\SetPoint\KEM.exe[2588] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 00F529A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 00F51BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 00F51B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 00F51B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 00F51B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\notepad.exe[3672] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes PUSH 100029A9; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\notepad.exe[3672] kernel32.dll!FindNextFileW 7C80EFDA 6 Bytes PUSH 10001BCE; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\notepad.exe[3672] kernel32.dll!FindNextFileA 7C834EE1 6 Bytes PUSH 10001B9A; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\notepad.exe[3672] ADVAPI32.dll!RegDeleteValueA 77DDECE5 6 Bytes PUSH 10001B03; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

.text C:\WINDOWS\system32\notepad.exe[3672] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 6 Bytes PUSH 10001B2B; RET C:\WINDOWS\system32\calc.dll (Application/Microsoft)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366

IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2

IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D

IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B

IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B

IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B

IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\svchost.exe[196] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366

IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00DF5366

IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00DF5366

IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00DF52B2

IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00DF524D

IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00DF521B

IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00DF5366

IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 00DF58D5

IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 00DF562B

IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00DF58D5

IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00DF562B

IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00DF58D5

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CF5366

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CF52B2

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CF524D

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CF521B

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00CF52B2

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CF5366

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00CF52B2

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00CF524D

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00CF562B

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00CF58D5

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00CF58D5

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00CF562B

IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00CF58D5

IAT C:\WINDOWS\system32\svchost.exe[908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0101521B

IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\WINDOWS\stsystra.exe[956] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FD5366

IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FD52B2

IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FD524D

IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FD521B

IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00FD562B

IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00FD58D5

IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00FD58D5

IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00FD562B

IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00FD58D5

IAT C:\WINDOWS\system32\svchost.exe[1028] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00FD5366

IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 02055366

IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 020552B2

IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0205524D

IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0205521B

IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0205562B

IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 020558D5

IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 020558D5

IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0205562B

IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 020558D5

IAT C:\WINDOWS\System32\svchost.exe[1076] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 02055366

IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[1132] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00145366

IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001452B2

IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014524D

IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014521B

IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0014562B

IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001458D5

IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001458D5

IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0014562B

IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001458D5

IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[1276] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00145366

IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\WINDOWS\System32\DLA\DLACTRLW.EXE[1384] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE[1508] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00075366

IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000752B2

IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0007524D

IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0007521B

IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 000758D5

IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 000758D5

IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0007562B

IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0007562B

IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 000758D5

IAT C:\Program Files\Winamp\winampa.exe[1536] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00075366

IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\Explorer.EXE [uSER32.dll!TranslateMessage] 00CB58D5

IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CB5366

IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CB52B2

IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00CB524D

IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00CB521B

IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 00CB562B

IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00CB58D5

IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 00CB58D5

IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 00CB58D5

IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 00CB562B

IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00CB5366

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Java\jre6\bin\jqs.exe[1968] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\QuickTime\qttask.exe[1976] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Java\jre6\bin\jusched.exe[2072] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CreateWindowExA] [00417004] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\wininet.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\wininet.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExA] [00417004] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\userenv.dll [uSER32.dll!SetWindowPos] [004171AA] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\userenv.dll [uSER32.dll!ShowWindow] [004170F8] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe

IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366

IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2

IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D

IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B

IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B

IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B

IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\rundll32.exe[2120] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366

IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00075366

IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000752B2

IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0007524D

IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0007521B

IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 000758D5

IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0007562B

IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 000758D5

IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0007562B

IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 000758D5

IAT C:\WINDOWS\system32\winupdate.exe[2148] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00075366

IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe[2356] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\cvjcx.exe[2408] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\OLE32.DLL [uSER32.dll!GetClipboardData] 0013562B

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\OLE32.DLL [uSER32.dll!TranslateMessage] 001358D5

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\win32.exe[2444] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2544] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Logitech\SetPoint\KEM.exe[2588] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE[2648] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366

IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2

IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D

IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B

IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B

IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366

IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B

IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2880] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366

IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2

IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D

IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B

IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B

IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366

IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B

IAT C:\WINDOWS\System32\alg.exe[2896] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00085366

IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000852B2

IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008524D

IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0008521B

IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0008562B

IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 000858D5

IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 000858D5

IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 000858D5

IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0008562B

IAT C:\WINDOWS\system32\wuauclt.exe[3316] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00085366

IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2

IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013524D

IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0013521B

IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0013562B

IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 001358D5

IAT C:\Documents and Settings\Ray\Desktop\rkb7fwp5.exe[3552] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135366

IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366

IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2

IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040524D

IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040521B

IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetClipboardData] 0040562B

IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetClipboardData] 0040562B

IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5

IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405366

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACxfyabwqvnc.sys (*** hidden *** ) [sYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxfyabwqvnc.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxfyabwqvnc.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACynxbdworvm.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACkpyymfoewb.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACjoqompiqwm.log

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxfyabwqvnc.sys

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxfyabwqvnc.sys

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACynxbdworvm.dll

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACsr \\?\globalroot\systemroot\system32\UACkpyymfoewb.dat

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACerrors \\?\globalroot\systemroot\system32\UACjoqompiqwm.log

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Ray\Local Settings\Temp\UAC9651.tmp 343040 bytes executable

File C:\Documents and Settings\Ray\ntuser.dll 25088 bytes executable

File C:\Documents and Settings\Ray\Start Menu\Programs\Startup\scandisk.dll 25088 bytes executable

File C:\Documents and Settings\Ray\Start Menu\Programs\Startup\scandisk.lnk 645 bytes

File C:\drivers\system\onboard\SP\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526} 0 bytes

File C:\drivers\system\onboard\SP\{F1DD4DED-15FD-4B70-B318-1FDDE337F30E} 0 bytes

---- EOF - GMER 1.0.15 ----

This infection seems to keep changing my wallpaper background now, informing me that 'System is infected'. I know it's only a minor thing but it's bloomin' annoying.

Do these logs tell you what virus this is? It seems particularly nasty.

Attach.zip

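Reading a GMER log of this length by hand is slow, so here is an added triage script (example code, not the poster's, the helper's or GMER's own) that parses the four line shapes shown above: IAT hook lines, the hidden Service line, Reg value lines and File lines. It works on a constructed sample made of lines copied from this thread (the odd "uSER32"/"sYSTEM" casing is kept exactly as the forum rendered it). Two assumptions are built in and labelled in the code: a hook target that GMER prints without an owning module is treated as code in anonymous memory, and because such regions are mapped on 64 KiB boundaries, the low 16 bits of the target are used to recognise the same payload injected into many processes at different bases.

```python
"""Triage helper for GMER log output (added example; not GMER's, the poster's
or the helper's code). Parses the line shapes seen in this thread and returns
what a responder would look at first. SAMPLE_LOG is constructed from lines in
the thread, with the forum's "uSER32"/"sYSTEM" casing copied verbatim.
"""
import ntpath
import re
from collections import defaultdict

# IAT <process>[<pid>] @ <module> [<dll>!<func>] <target>
#   ...or, when GMER can name the module owning the target: [<target>] <path>
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) "
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\] "
    r"(?:(?P<target>[0-9A-Fa-f]{8})|\[(?P<owned>[0-9A-Fa-f]{8})\] (?P<owner>.+))$"
)
SERVICE_RE = re.compile(
    r"^Service (?P<image>.+?) \(\*\*\* hidden \*\*\* \) \[(?P<kind>\w+)\] (?P<name>\S+)"
)
REG_VALUE_RE = re.compile(r"^Reg (?P<key>[^@\s]+)@(?P<value>\S+) (?P<data>.+)$")
FILE_RE = re.compile(r"^File (?P<path>.+) (?P<size>\d+) bytes(?P<exe> executable)?$")

PE_EXTENSIONS = {".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl", ".drv"}


def parse(log_text):
    """Split a GMER log into hook, hidden-service, registry-value and file records."""
    hooks, services, reg_values, files = [], [], [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := IAT_RE.match(line):
            d = m.groupdict()
            hooks.append({
                "proc": d["proc"], "pid": int(d["pid"]),
                "import": f'{d["dll"]}!{d["func"]}',
                "target": int(d["target"] or d["owned"], 16),
                "owner": d["owner"],  # None: GMER printed no owning module
            })
        elif m := SERVICE_RE.match(line):
            services.append(m.groupdict())
        elif m := REG_VALUE_RE.match(line):
            reg_values.append(m.groupdict())
        elif m := FILE_RE.match(line):
            d = m.groupdict()
            files.append({"path": d["path"], "size": int(d["size"]),
                          "executable": d["exe"] is not None})
    return hooks, services, reg_values, files


def triage(log_text):
    hooks, services, reg_values, files = parse(log_text)

    # Assumption: a target with no owning module is injected code in anonymous
    # memory. Such regions are mapped on 64 KiB boundaries, so the low 16 bits
    # of the target stay the same across processes for one and the same payload.
    unattributed = [h for h in hooks if h["owner"] is None]
    procs, offsets = set(), defaultdict(set)
    for h in unattributed:
        procs.add((h["proc"], h["pid"]))
        offsets[h["import"]].add(h["target"] & 0xFFFF)

    # Hidden services, plus every image or module the registry ties to them.
    hidden = {s["name"]: s["image"] for s in services}
    modules = defaultdict(set)
    for r in reg_values:
        parts = r["key"].split("\\")
        for name in hidden:
            if name in parts and (r["value"].lower() == "imagepath" or "modules" in parts):
                modules[name].add(r["data"])

    # Files GMER marked executable: PE content behind a non-PE extension, and
    # executables sitting in a Temp or Startup folder, deserve a first look.
    execs = [f["path"] for f in files if f["executable"]]
    non_pe = [p for p in execs if ntpath.splitext(p)[1].lower() not in PE_EXTENSIONS]
    odd_place = [p for p in execs
                 if any(seg.lower() in ("temp", "startup") for seg in p.split("\\"))]

    return {
        "hooked_processes": len(procs),
        "unattributed_hooks": len(unattributed),
        "hook_offsets": {imp: sorted(f"{o:04X}" for o in offs) for imp, offs in offsets.items()},
        "consistent_payload": all(len(offs) == 1 for offs in offsets.values()),
        "hidden_services": hidden,
        "hidden_service_modules": {k: sorted(v) for k, v in modules.items()},
        "executables_with_non_pe_extension": non_pe,
        "executables_in_temp_or_startup": odd_place,
    }


# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00CB5366
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00CB52B2
IAT C:\WINDOWS\Explorer.EXE[1572] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 00CB58D5
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405366
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004052B2
IAT C:\WINDOWS\system32\notepad.exe[3672] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!TranslateMessage] 004058D5
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001352B2
IAT C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe[2100] @ C:\WINDOWS\system32\shell32.dll [uSER32.dll!CreateWindowExW] [0041707E] C:\DOCUME~1\Ray\LOCALS~1\Temp\b.exe
Service C:\WINDOWS\system32\drivers\UACxfyabwqvnc.sys (*** hidden *** ) [sYSTEM] UACd.sys <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxfyabwqvnc.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACynxbdworvm.dll
File C:\Documents and Settings\Ray\Local Settings\Temp\UAC9651.tmp 343040 bytes executable
File C:\Documents and Settings\Ray\Start Menu\Programs\Startup\scandisk.dll 25088 bytes executable
File C:\drivers\system\onboard\SP\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526} 0 bytes
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample the script reports three hooked processes, seven unattributed hooks, one offset per hooked import (so one payload injected everywhere), the hidden UACd.sys service with its driver and DLL, a .tmp file carrying executable content, and two executables in Temp or Startup; the same functions run unchanged over the full log pasted above.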

Got some bad news for you <_<

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

