
Win32/hostblock


28 replies to this topic

#1 Warrior18


Posted 19 November 2007 - 09:39 PM

Have been battling trying to remove this problem for a week. Have tried other sites with no luck. Numerous scans and "fixes" but problem keeps coming back. The Hijack log attached is after going thru steps outlined. Prompted to reboot (for the umpteenth time) and infections still come up after reboots. CA comes up with Win32/Hostblock saying certain file is cleaned while another is infected (recurring theme). AVG messages come up such as "Trojan System32/winter.exe" but when you hit fix or move to vault it says that action cannot be performed. Windows prompt comes up saying system is being copied and that I should click OK for spy removal software (haven't fallen for that yet). System works OK after a cleaning (various methods have been used) but everything starts up from scratch again after reboot or logging onto system. Insights into this issue would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:05 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\Tosh\Desktop\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Documents and Settings\Tosh\Desktop\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
c:\program files\common files\aol\1138232769\ee\aim6.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Tosh\Desktop\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-847393993-1136733869-1049852063-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Shane')
O4 - HKUS\S-1-5-21-847393993-1136733869-1049852063-1008\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Shane')
O4 - HKUS\S-1-5-21-847393993-1136733869-1049852063-1008\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Shane')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137809377546
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail3.excellus.com/dwa7W.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Tosh\Desktop\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13946 bytes



#2 Falu


Posted 05 December 2007 - 01:21 PM

Hi Warrior18, :thumbsup:

If you still need help please post a fresh HijackThis log and I'll be happy to look at it for you.

Thanks for your patience. :blink:

P.S. Please copy/paste the log into this thread using the Add Reply button.

#3 Warrior18


Posted 05 December 2007 - 06:26 PM

Hi Falu,

As they say, patience is a virtue, and the help is appreciated. Since I posted I have tried to clean this up with a couple of different things to at least get things manageable. The scan I did with Kaspersky came up with "Trojan.Win32.Qhost.ww" but had no definition. That was located @ c:\documentsand settings\auto.exe.bac_a02452. I'm pretty sure the file was deleted. Now I'm getting pop ups from Kaspersky saying things like the following: "c:\Windows\explorer.exe detected modification of riskware Invader" and "c\Windows\system32\svchost.exe detected modification of riskware Invader". Also the computer is running slow in general. Anyway, here is the updated log, and thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:32 AM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137809377546
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail3.excellus.com/dwa7W.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12370 bytes
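The two HijackThis logs posted above use the same `<section code> - <entry>` line format, so they can be compared mechanically. The following is an added example, not part of any post in this thread: it parses that format, diffs two scans, and lists the entry types the helper later asks to have fixed (O15 Trusted Zone sites and entries marked "(file missing)"). The sample inputs are short excerpts constructed from the logs above; the function names are illustrative.

```python
import re

# Constructed sample input: a few lines excerpted from the two logs posted
# in this thread (scans of 11/19/2007 and 12/5/2007), trimmed for brevity.
LOG_NOV = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:05 PM, on 11/19/2007

Running processes:
C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
"""

LOG_DEC = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57:32 AM, on 12/5/2007

Running processes:
C:\WINDOWS\system32\svchost.exe

O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# An entry line is a section code (R0-R3, F0-F3, N1-N4, O1-O24), then " - ",
# then the entry text. Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_entries(text):
    """Return [(code, body), ...] for every entry line, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed): entries only in the new / only in the old scan."""
    old, new = set(parse_entries(old_text)), set(parse_entries(new_text))
    return sorted(new - old), sorted(old - new)


def flag_for_review(entries):
    """List entries of the kinds singled out for fixing in this thread.

    Flags mean "look at this", not "this is malicious".
    """
    flags = []
    for code, body in entries:
        if body.endswith("(file missing)"):
            # Registry entry still points at a file that no longer exists.
            flags.append(("file-missing", code, body))
        if code == "O15":
            # Site added to Internet Explorer's Trusted Zone.
            flags.append(("trusted-zone", code, body))
    return flags


if __name__ == "__main__":
    added, removed = diff_logs(LOG_NOV, LOG_DEC)
    for code, body in added:
        print("+", code, body)
    for code, body in removed:
        print("-", code, body)
    for reason, code, body in flag_for_review(parse_entries(LOG_DEC)):
        print("review:", reason, "|", code, "-", body)
```
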

#4 Falu


Posted 07 December 2007 - 07:06 AM

Hi Warrior18, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

Let's start with some of your questions/remarks:

> Now I'm getting pop ups from Kaspersky saying things like the following: "c:\Windows\explorer.exe detected modification of riskware Invader" and "c\Windows\system32\svchost.exe detected modification of riskware Invader".


Risk invader means that a program, good or bad, is trying to inject its code into another process. This is a real-time detection and won't get detected by a scan.
You are using Spyware Doctor; it's known to cause it. After you uninstall it you should get fewer 'invaders'.

> Also the computer is running slow in general.


Check "Help! My computer is slow!" and "Computer and browser slowness are not always malware related", and please follow all the instructions given.

1. Are you using a firewall? I see nothing in your log that would indicate that you have. I urge you to install one since it's your first defense against malware. There are several good, free programmes available, like:

Comodo Firewall Pro
Kerio
ZoneAlarm

For a tutorial on Firewalls click: Understanding and Using Firewalls!

2. As you can see Partypoker is considered an unwanted program. If you agree:

Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following program if listed:

Partypoker

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
Additional info: http://vil.nai.com/vil/content/v_137262.htm

If you agree: from within Add/Remove Programs, remove the following programs if present:

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar


3. Please reboot!

4. You must disable some of your protection programmes since they may interfere with the fixes we have to make. You may re-enable them once you're clean; I will let you know!

> Spyware Doctor:

a. Open Spyware Doctor
b. Click on the 'Settings' button on the left hand panel
c. Then click on the 'Startup Settings' under 'Pick a Category'
d. Uncheck the box on the right that says 'Run at Windows Startup'

> SuperAntispyware:

Right-click on the shortcut from the system tray, choose View Control Center (preferences/options), on the General and Startup tab, uncheck, Start SUPERAntispyware when Windows starts, click Close to exit.

5. Run HijackThis, click Scan and checkmark the following entries:

O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)


If you followed the advice and decided to remove the programmes in step 2, checkmark these entries:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Close all browsers and windows, except for HijackThis and click the Fix Checked button; close HijackThis!

6. If you followed the advice and decided to remove the programmes in step 2: using Windows Explorer (to get there right-click your Start button and go to "Explore"), delete the following folders in bold if they exist:

C:\Program Files\PartyGaming
C:\Program Files\Viewpoint

7. Download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

8. Download Deckard's System Scanner and save it to your Desktop.

* Double click dss.exe and follow the prompts.
* When finished, it will produce a log for you.
* Post the contents of that log in your next reply.
* Using Windows Explorer (to get there right-click your Start button and go to "Explore"), navigate to the C:\Deckard\System Scanner folder. You will find two logs in the folder, main.txt and extra.txt.
* Open the main.txt log in Notepad
* Also Copy and Paste its contents in a reply.

9. Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

Please post the F-Secure report along with DSS main/extra logs.
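
An added example, not part of the original post and not code from HijackThis or any tool named in it: a small Python parser for HijackThis entry lines that checks whether the entries listed in step 5 still appear in a follow-up log. The sample logs are constructed from entry lines quoted on this page; the function and variable names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A HijackThis entry line is "<section> - <body>", e.g. "O15 - Trusted Zone: ...".
# The section is a letter (R, F, N or O) followed by a number.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ZONE_RE = re.compile(r"^Trusted Zone: (?P<domain>\S+)")


def normalise(line: str) -> str:
    """Collapse whitespace and case so copy/paste differences do not matter."""
    return " ".join(line.split()).lower()


@dataclass(frozen=True)
class Entry:
    section: str            # e.g. "O9", "O15", "O23"
    body: str               # everything after "<section> - "
    clsid: Optional[str]    # first {GUID} in the body, if any
    file_missing: bool      # HijackThis appended "(file missing)"

    @property
    def key(self) -> str:
        return normalise(f"{self.section} - {self.body}")


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a log; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=match.group("section"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            file_missing=body.endswith("(file missing)"),
        ))
    return entries


def trusted_zone_domains(entries: List[Entry]) -> List[str]:
    """Domains listed in O15 (Trusted Zone) entries, in log order."""
    domains = []
    for entry in entries:
        match = ZONE_RE.match(entry.body) if entry.section == "O15" else None
        if match:
            domains.append(match.group("domain"))
    return domains


def still_present(fix_list: List[str], log_text: str) -> List[str]:
    """Fix-list lines that still appear as entries in the given log."""
    present = {entry.key for entry in parse_log(log_text)}
    return [line for line in fix_list if normalise(line) in present]


# Entries the helper asked to fix in step 5 (copied from the post above).
FIX_LIST_TEXT = r"""
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""
FIX_LIST = FIX_LIST_TEXT.strip().splitlines()

# Constructed sample logs: a short header plus a few entry lines from this page.
HEADER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
"""
COMMON = r"""R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
BEFORE_LOG = HEADER + FIX_LIST_TEXT + COMMON   # fix-list entries present
AFTER_LOG = HEADER + COMMON                    # log taken after "Fix Checked"

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        left = still_present(FIX_LIST, log)
        print(f"{label}: {len(left)} of {len(FIX_LIST)} fix-list entries present")
        for line in left:
            print("  ", line)
```

An entry that still shows up in the "after" log means the fix did not hold, which is the symptom described in the first post of this thread.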

#5 Warrior18

Posted 07 December 2007 - 04:47 PM

Hi Falu,

Followed all instructions except I have not installed a firewall yet. Wasn't sure if it would interfere with the scans. Here are the F-Secure and DSS reports. Look forward to hearing back soon and thanks for the help!

Scanning Report
Friday, December 07, 2007 15:20:23 - 16:15:23
Computer name: MAIN
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 0 malware found

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 37228
System: 4540
Not scanned: 5
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 0
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\RECYCLER\S-1-5-21-847393993-1136733869-1049852063-1009\DC17.DOC
C:\DOCUMENTS AND SETTINGS\TOSH\LOCAL SETTINGS\TEMP\ME_DA4A1RPWJL7CQKO

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-11-28
F-Secure AVP: 7.0.171, 2007-12-07
F-Secure Orion: 1.2.37, 2007-12-07
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0637-150-72
F-Secure Pegasus: 1.19.0, 2007-11-03
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics

DDS main.txt

Deckard's System Scanner v20071014.68
Run by Tosh on 2007-12-07 15:02:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
33: 2007-12-07 20:02:29 UTC - RP33 - Deckard's System Scanner Restore Point
32: 2007-12-07 14:08:21 UTC - RP32 - System Checkpoint
31: 2007-12-06 13:18:41 UTC - RP31 - System Checkpoint
30: 2007-12-05 12:58:36 UTC - RP30 - Installed Kaspersky Anti-Virus 7.0.
29: 2007-12-05 12:49:10 UTC - RP29 - Removed AVG 7.5


-- First Restore Point --
1: 2007-11-19 14:37:16 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Tosh.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:32 PM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Tosh\Desktop\dss.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Tosh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137809377546
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail3.excellus.com/dwa7W.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 11496 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071207-145109-206 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
backup-20071207-145109-837 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
backup-20071207-145110-498 O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
backup-20071207-145110-621 O15 - Trusted Zone: *.imageservr.com (HKLM)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 CO_Mon - c:\windows\system32\drivers\co_mon.sys
S3 SDAntiRtKt - c:\program files\spywaredetector\sdantirtkt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Multi-user Cleanup Service - "c:\program files\lotus\notes\ntmulti.exe" <Not Verified; IBM Corp; IBM Lotus Notes/Domino>

S2 Windows Redundancy Check (WRC) -


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-06 08:27:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-11-07 and 2007-12-07 -----------------------------

2007-12-05 07:59:17 81549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-05 07:59:17 82061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-05 07:58:44 0 d-------- C:\Program Files\Kaspersky Lab
2007-12-05 07:58:43 31776 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-05 07:58:43 2308128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-05 07:51:29 0 d-------- C:\KAV
2007-12-04 20:42:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-04 20:42:06 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-02 17:08:14 0 d-------- C:\Documents and Settings\Laurie\Application Data\AVG7
2007-11-29 13:46:55 0 d-------- C:\Documents and Settings\Shane\Application Data\AVG7
2007-11-29 05:45:24 0 d-------- C:\Documents and Settings\Tosh\Application Data\AVG7
2007-11-29 05:44:49 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-29 05:18:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-11-23 13:58:40 0 d-------- C:\Program Files\Common Files\xing shared
2007-11-22 09:42:10 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-11-22 08:53:05 0 d-------- C:\Documents and Settings\Laurie\Application Data\PCToolsFirewallPlus
2007-11-22 08:52:48 0 d-------- C:\Documents and Settings\Laurie\Application Data\Grisoft
2007-11-21 16:33:26 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-21 16:28:50 0 d-------- C:\3338afdf08fc1600a33b3085
2007-11-21 16:28:37 0 d-------- C:\WINDOWS\system32\LogFiles
2007-11-21 16:28:37 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-11-20 23:30:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-20 20:54:34 0 d-------- C:\Program Files\Common Files\Java
2007-11-20 17:04:56 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-20 17:04:41 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-20 17:04:41 0 d-------- C:\Documents and Settings\Tosh\Application Data\SUPERAntiSpyware.com
2007-11-19 13:50:01 0 d-------- C:\Documents and Settings\Shane\Application Data\PCToolsFirewallPlus
2007-11-19 13:37:06 0 d-------- C:\Program Files\Trend Micro
2007-11-19 13:32:56 0 d-------- C:\Documents and Settings\Tosh\Application Data\PCToolsFirewallPlus
2007-11-19 13:29:39 0 d-------- C:\Program Files\Spyware Doctor
2007-11-19 13:29:39 0 d-------- C:\Documents and Settings\Tosh\Application Data\PC Tools
2007-11-19 09:49:49 0 d-------- C:\!KillBox
2007-11-17 12:26:02 0 d-------- C:\Documents and Settings\Shane\Application Data\Grisoft
2007-11-16 00:41:57 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-11-15 18:53:27 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-15 18:53:00 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-11-15 18:52:59 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-11-15 18:52:59 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-11-15 18:52:59 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-11-15 18:52:59 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-11-15 18:52:58 0 d-------- C:\Documents and Settings\Tosh\Application Data\Simply Super Software
2007-11-14 21:50:31 0 d-------- C:\Documents and Settings\Tosh\Application Data\HouseCall 6.6
2007-11-14 18:03:40 0 d-------- C:\Documents and Settings\Tosh\.housecall6.6
2007-11-08 20:17:57 0 d-------- C:\31.2.5281
2007-11-08 07:59:13 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Google
2007-11-08 07:57:09 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2007-11-08 07:44:11 114688 --a------ C:\WINDOWS\system32\LogonMonitor.dll <Not Verified; InfoProcess Pty Ltd.; Host Intrusion Prevention System>
2007-11-08 07:43:46 0 d-------- C:\Program Files\InfoProcess
2007-11-08 07:11:25 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-11-07 19:44:34 0 d-------- C:\31.2.5278
2007-11-07 11:43:10 0 d-------- C:\31.2.5276


-- Find3M Report ---------------------------------------------------------------

2007-12-05 09:23:47 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-02 21:23:19 3350 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-12-02 21:23:14 56 -r-hs---- C:\WINDOWS\system32\055F1935ED.sys
2007-11-24 13:39:42 0 d-------- C:\Program Files\Common Files
2007-11-24 13:37:31 0 d-------- C:\Program Files\DivX
2007-11-23 13:58:34 0 d-------- C:\Program Files\Real
2007-11-23 13:58:04 0 d-------- C:\Program Files\Common Files\Real
2007-11-20 20:55:14 0 d-------- C:\Program Files\Java
2007-11-19 13:32:03 0 d-------- C:\Program Files\SpywareDetector
2007-11-07 21:13:35 0 d-------- C:\Documents and Settings\Tosh\Application Data\Canon
2007-10-31 06:41:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-22 22:36:03 0 d-------- C:\Documents and Settings\Tosh\Application Data\DivX
2007-10-22 16:25:08 0 d-------- C:\Program Files\WinZip Self-Extractor
2007-10-14 11:38:59 0 d-------- C:\Program Files\Common Files\Download Manager
2007-10-10 06:51:09 0 d-------- C:\Documents and Settings\Tosh\Application Data\GetRightToGo
2007-10-09 12:43:14 6465 --ahs---- C:\WINDOWS\system32\ilnmp.bak1
2007-10-09 08:03:18 6465 --ahs---- C:\WINDOWS\system32\uvvwa.bak1
2007-10-08 17:27:47 1294591 --ahs---- C:\WINDOWS\system32\oqtwa.ini2
2007-10-08 17:27:43 1294593 --ahs---- C:\WINDOWS\system32\xbadd.ini2
2007-10-08 17:26:59 1299134 --ahs---- C:\WINDOWS\system32\jjkmp.ini2
2007-10-08 01:43:42 1293555 --ahs---- C:\WINDOWS\system32\xbadd.bak1
2007-10-07 21:31:18 1294153 --ahs---- C:\WINDOWS\system32\jjkmp.bak1


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [03/23/2005 01:20 AM C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [06/17/2005 08:56 AM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/09/2006 08:05 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [09/08/2005 08:20 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/08/2005 08:20 PM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 08:05 PM]
"eTrustPPAP"="C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe" []
"HostManager"="C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe" [04/20/2006 12:10 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/30/2003 12:14 AM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [03/21/2006 01:19 PM]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [02/17/2006 11:59 AM]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [08/31/2005 12:06 PM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [03/21/2006 08:30 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/14/2007 09:00 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [11/02/2007 05:24 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/23/2007 01:57 PM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [06/28/2007 12:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [04/20/2006 12:10 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/20/2007 09:38 PM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 10:09 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]


-- End of Deckard's System Scanner: finished at 2007-12-07 15:04:48 ------------

DDS extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 1022.09 MiB / 416.6 MiB
Pagefile Memory (total/avail): 2461.39 MiB / 1737.13 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.68 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 145.68 GiB total, 128.21 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)

\\.\PHYSICALDRIVE0 - Maxtor 6L160M0 - 149.01 GiB - 3 partitions
\PARTITION0 - Unknown - 47.03 MiB
\PARTITION1 (bootable) - Installable File System - 145.68 GiB - C:
\PARTITION2 - Unknown - 3.29 GiB

\\.\PHYSICALDRIVE1 - Canon MP510Storage USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: v (McAfee) Disabled
AV: v (McAfee) Disabled
AV: Kaspersky Anti-Virus v7.0.0.125 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1135037034\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1135037034\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1135037034\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1135037034\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1137112648\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137112648\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137112648\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1137112648\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1137859495\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1137859495\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1137859495\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1137859495\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Common Files\\AOL\\1138232769\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1138232769\\ee\\aolsoftware.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\1138232769\\ee\\aim6.exe"="C:\\Program Files\\Common Files\\AOL\\1138232769\\ee\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"c:\\windows\\rsp.exe"="C:\\windows\\rsp.exe:*:Enabled:AntiVirusUpdateExe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Tosh\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MAIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Tosh
LOGONSERVER=\\MAIN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Tosh\LOCALS~1\Temp
TMP=C:\DOCUME~1\Tosh\LOCALS~1\Temp
USERDOMAIN=MAIN
USERNAME=Tosh
USERPROFILE=C:\Documents and Settings\Tosh
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Tosh (admin)
Laurie (admin)
Shane (admin)
Brett (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Canon MP Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP510 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510 /L0x0009
Canon MP510 User Registration --> C:\Program Files\Canon\IJEREG\MP510\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CardRd81 --> MsiExec.exe /I{54C8FE84-89C4-40E8-976C-439EB0729BD6}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{B702CCCE-3176-4DBF-B932-D1B8F402F330}
EA.com Matchup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x0 Uninstall
EA.com Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x0 Uninstall
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{4F677FC7-7AA8-412B-A957-F13CBE1C7331}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
eTrust EZ Armor --> C:\Program Files\CA\eTrust EZ Armor\uninst.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Higher Score on the SAT/PSAT --> "C:\Program Files\Microsoft Office\Templates\Kap.SATr\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPIndex --> MsiExec.exe /I{38441BE7-79B0-42B8-8297-833704F949FE}
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HLPRFO --> MsiExec.exe /I{AADAC983-FDE9-42FA-8FD9-7BB324155593}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\Tosh\Application Data\HouseCall 6.6\uninstaller.exe"
Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{4CEA6811-DFAD-4892-828D-49941FE3B779}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iPod Updater 2004-11-15 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes --> MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140007_7a82cbf\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lotus Notes 7.0.1 --> MsiExec.exe /I{C5C10BD4-49AA-4C25-ACE6-902A37ED51FF}
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
MyWay Search Assistant --> MsiExec.exe /X{E7559288-223B-453C-9F06-340E3BE21E39}
NHL 2002 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FDF3A1E0-186A-11D5-0089-C400C04FAE70}\setup.exe" -l0x9 Uninstall
NHL 98 --> C:\WINDOWS\uninst.exe -f"C:\EA Sports\NHL 98\DeIsL1.isu"
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Weather Services --> C:\WINDOWS\system32\control.exe C:\WINDOWS\system32\wxfw.cpl,4
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip Self-Extractor --> "C:\Program Files\WinZip Self-Extractor\setup.exe" /uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1076 / Warning
Event Submitted/Written: 12/07/2007 02:36:46 PM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1075 / Warning
Event Submitted/Written: 12/07/2007 02:36:46 PM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type1069 / Warning
Event Submitted/Written: 12/07/2007 01:04:54 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Event Record #/Type1068 / Warning
Event Submitted/Written: 12/07/2007 01:04:53 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Event Record #/Type1063 / Error
Event Submitted/Written: 12/06/2007 10:37:16 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type40765 / Error
Event Submitted/Written: 12/07/2007 02:38:18 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Null

Event Record #/Type40764 / Error
Event Submitted/Written: 12/07/2007 02:38:18 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The PC Tools Security Service service hung on starting.

Event Record #/Type40733 / Error
Event Submitted/Written: 12/07/2007 01:05:11 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Null

Event Record #/Type40717 / Error
Event Submitted/Written: 12/06/2007 03:17:16 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {D0AAD3D6-EB93-4363-A24E-2C3D80CDBAC7} did not register with DCOM within the required timeout.

Event Record #/Type40710 / Warning
Event Submitted/Written: 12/05/2007 09:53:12 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2007-12-07 15:04:48 ------------

#6 Falu

Posted 09 December 2007 - 06:56 AM

Hi Warrior18, :thumbsup:

1. "Followed all instructions except I have not installed a firewall yet. Wasn't sure if it would interfere with the scans."

It doesn't, so you may install one now.

2. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following programs:

MyWay Search Assistant

3. Go to Start->Run, type CMD (if it's not already in the textbox) and click Ok.

Alternatively, Press Ctrl+Alt+Delete to bring the Task Manager. While holding down the Ctrl key, click on New Task. Once the MSDOS Window comes up, minimize the Task Manager.
At the prompt type the following and press Enter after each line:

SC Stop WRC
SC Delete WRC

Exit

4. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

5. Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.

Please post combofix.txt along with a fresh HijackThis log!

#7 Warrior18

Posted 11 December 2007 - 01:27 PM

Hi Falu,

Was out of town a couple of days. Followed latest steps except I have not been able to do a Combofix log. When I try, this message comes up:

Please Wait
Combofix is preparing to run
The system cannot find the file specified
The system cannot find the file specified

Then a pop-up window comes up that says "You need Administrative privileges to run this tool". I tried running it in Safe Mode, logging in as Administrator (that only comes up in safe mode), with the same result as above. I ran another HijackThis log that is below and I will await your guidance. Thanks as always.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:54 PM, on 12/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137809377546
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail3.excellus.com/dwa7W.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

#8 Falu

Posted 12 December 2007 - 06:37 AM

Hi Warrior18, :thumbsup:

Delete any versions of combofix you may have and download a fresh version from here and follow the instructions:

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Note:
Do not mouse-click Combofix's window while it's running. That may cause it to stall.


P.S. Your HJT log should end with something like: End of file - 11496 bytes. Looking at the entries I expect your last log is complete but please check if it is before posting a fresh one.

#9 Warrior18

Posted 12 December 2007 - 12:06 PM

Hi Falu,

Followed the steps for Combofix again and still cannot get it to produce a log. The window comes up as follows:

"The system cannot find the file specified
The system cannot find the file specified

Please Wait
Combofix is preparing to run
The system cannot find the file specified
The system cannot find the file specified"

Then a pop-up window comes that says "You need Administrative privileges to run this tool". Below is the latest HJT log. Your help is appreciated as always.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:00 AM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/mywaybiz
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1137809377546
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail3.excellus.com/dwa7W.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 10996 bytes
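
The completeness check from Falu's P.S. (a HijackThis log should end with an "End of file - N bytes" line) can be scripted together with a first-pass listing of entries worth a manual look. This is an added example, not part of the original posts and not HijackThis code: `triage` and `REVIEW_RULES` are names made up here, the sample lines are excerpted from the log above, and the truncated copy is constructed.

```python
import re
from collections import Counter

# "R1 - ...", "O4 - ...", "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Trailer HijackThis writes as the last line of a complete log.
TRAILER_RE = re.compile(r"^End of file - (\d+) bytes$")

# Entry types to look at by hand. These are prompts for the reviewer, not
# verdicts: legitimate security software produces the same kinds of entries.
REVIEW_RULES = [
    ("O2", lambda b: b.startswith("BHO: (no name)"),
     "browser helper object registered without a display name"),
    ("O10", lambda b: b.startswith("Unknown file in Winsock LSP"),
     "Winsock LSP file that HijackThis reports as unknown"),
    ("O20", lambda b: b.startswith("AppInit_DLLs:"),
     "DLL loaded into every process that loads user32.dll"),
    ("O23", lambda b: " - Unknown owner - " in b,
     "service whose owner HijackThis could not determine"),
]


def triage(log_text):
    """Return completeness, per-section counts and review items for a log."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Only the presence of the trailer is checked; the reported size is
    # returned as-is and not compared with the pasted text.
    trailer = TRAILER_RE.match(lines[-1]) if lines else None
    counts = Counter()
    review = []
    for ln in lines:
        m = ENTRY_RE.match(ln)
        if not m:
            continue  # header, running-process path or trailer line
        code, body = m.groups()
        counts[code] += 1
        for rule_code, matches, why in REVIEW_RULES:
            if code == rule_code and matches(body):
                review.append((code, why, body))
    return {
        "complete": trailer is not None,
        "reported_bytes": int(trailer.group(1)) if trailer else None,
        "counts": dict(counts),
        "review": review,
    }


# Excerpt of the log posted above (most lines omitted for brevity).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:00 AM, on 12/12/2007

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 10996 bytes
"""

# Constructed: the same excerpt cut off before the trailer, as happens when
# a paste is truncated by a post-length limit.
TRUNCATED_LOG = SAMPLE_LOG.rsplit("\n--\n", 1)[0]


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_LOG), ("truncated", TRUNCATED_LOG)):
        result = triage(text)
        print(name, "complete:", result["complete"], result["counts"])
        for code, why, body in result["review"]:
            print("  review", code, "-", why)
            print("     ", body)
```
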

#10 Falu

Posted 13 December 2007 - 05:48 AM

Hi Warrior18, :thumbsup:

Could you try in safe mode and as an administrator:

Reboot and as the computer starts up, just before Windows starts to load, tap the F8 key a few times and then choose Safe Mode from the menu that will appear.

Check my last instructions to run Combofix.

#11 Warrior18

Posted 13 December 2007 - 07:36 AM

Hi Falu,

Tried to run Combofix in safe mode as administrator with the same results as before. I downloaded it direct to desktop while logged in as administrator in safe mode. Any other suggestions? Thanks as always.

#12 Falu

Posted 13 December 2007 - 11:52 AM

Hi Warrior18, :thumbsup:

1. Download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Furthermore let's check if something is getting in the way:

2. Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post gmer.txt along with C:\vundofix.txt.

#13 Warrior18

Posted 14 December 2007 - 12:54 AM

Hi Falu,

It looks like I'll have to post what you told me to do in stages. Step 1: The Vundo scan came up clean. It said there were no files to remove. Log below:

VundoFix V6.7.0

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 7:22:27 PM 12/13/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

The gmer.txt log is long and it won't let me do it in one post. Be on the lookout for more posts to follow. I'll let you know when I've posted the last of the log.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-14 00:40:52
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSystemDebugControl
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!IoIsOperationSynchronous 804EAF7E 5 Bytes JMP EBE7EF70 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F3BF9 5 Bytes JMP EBE7EA70 \??\C:\WINDOWS\system32\drivers\klif.sys

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\system32\spoolsv.exe[240] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[240] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[240] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[240] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[240] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[240] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\spoolsv.exe[240] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[240] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[240] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[240] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[240] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[396] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[460] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[460] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[460] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[460] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[460] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[460] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[460] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[460] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[460] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[460] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[460] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[508] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[508] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[508] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[508] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[508] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[508] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[508] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[508] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[508] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[508] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[508] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[688] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[688] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[688] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[688] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[688] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[688] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[688] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[688] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[688] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[688] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[688] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[964] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[964] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[964] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[964] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[964] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[964] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\Explorer.EXE[964] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[964] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[964] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[964] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[964] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!StrStrW + FFE28B75 7C9C5128 4 Bytes [ 80, 00, 1E, 7D ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!StrStrW + FFE28B81 7C9C5134 4 Bytes [ F0, 00, 1E, 7D ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!StrStrW + FFE2AA25 7C9C6FD8 4 Bytes [ D0, 08, 1E, 7D ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!StrStrW + FFE2AB0D 7C9C70C0 4 Bytes [ B0, 02, BE, 00 ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!StrStrW + FFE2AB21 7C9C70D4 4 Bytes [ B0, 02, A0, 02 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!SHFree + 11E 7C9EACF8 4 Bytes [ C0, 05, 4A, 7E ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!SHCoCreateInstance + 12E 7C9EF9F0 4 Bytes [ 30, 0D, A0, 02 ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!ILFindChild + 80B 7C9F2534 4 Bytes [ 10, 0E, 4A, 7E ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!ILFindChild + E73 7C9F2B9C 4 Bytes [ 60, 01, BE, 00 ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!ILFindChild + E8B 7C9F2BB4 4 Bytes [ A0, 06, A0, 02 ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!ILFindChild + 175B 7C9F3484 4 Bytes [ B0, 02, 1E, 7D ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!ILFindChild + 177B 7C9F34A4 4 Bytes [ 40, 02, 1E, 7D ]
.text ...
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 1F38 7C9FE1C4 4 Bytes [ 30, 06, A0, 02 ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!SHTestTokenMembership + E5 7CA04C80 4 Bytes [ E0, 0B, 4A, 7E ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!ILLoadFromStream + 6D6 7CA06648 2 Bytes [ F0, 07 ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!ILLoadFromStream + 6D9 7CA0664B 1 Byte [ 02 ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!ILLoadFromStream + 9EE 7CA06960 4 Bytes [ 70, 04, 4A, 7E ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!ILLoadFromStream + BA6 7CA06B18 4 Bytes [ E0, 04, 1E, 7D ]
.text C:\WINDOWS\Explorer.EXE[964] SHELL32.dll!ILLoadFromStream + CB6 7CA06C28 4 Bytes [ 60, 08, 1E, 7D ]

#14 Warrior18

Posted 14 December 2007 - 12:59 AM

Part 2 of Gmer.txt log

IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 00B10772
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B1079C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00B107C6
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 00B107F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 00B1081A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 00B10844
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B1086E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00B10898
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 00B108C2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00B108EC
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00B10916
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 00B10940
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B10D84
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00B10DAE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00B10DD8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00B10E02
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00B10E2C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00B10E56
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00B10E80
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00B10EAA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00B10ED4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00B10EFE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B10F28
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00B10F52
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00B10F7C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00B10FA6
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00B10FD0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00B80010
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00B8003A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00B80064
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00B8008E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00B800B8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00B800E2
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00B8010C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00B80136
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00B80160
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00B8018A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00B801B4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00B801DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00B80208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00B80232
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00B8025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 00B805F8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80622
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 00B8064C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 00B80676
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 00B806A0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 00B806CA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B807C6
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00B807F0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00B8081A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00B80844
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 00B8086E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00B80ABA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00B80AE4
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00B80B0E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80B38
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00B80D06
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00B80D30
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00B80D5A
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00B80D84
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00B80DAE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00B80DD8
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00B80E02
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00B80E2C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B80E56
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B10358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 00B101DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 00B1025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 00B10286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 00B1025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 00B10208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 00B10286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 00B101DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B10358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 00B101DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B10358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 00B10286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 00B10208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 00B1025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 00B1032E
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 00B10208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 00B10304
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 00B10232
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 00B102DA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B10358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 00B1025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 00B10286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 00B101DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 00B101DE
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 00B1025C
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 00B10286
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B10358
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 00B102B0
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 00B102DA
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 00B10232
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 00B10208
IAT C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[2548] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00B10358
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[2568] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT

#15 Warrior18

Posted 14 December 2007 - 01:01 AM

Part 3 of Gmer.txt log:

IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[2624] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe[2668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe[2668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9923] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe[2668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe[2668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9875] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1138232769\ee\AOLSoftware.exe[2668] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2836] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2836] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2836] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2836] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2836] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[2836] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0059E210] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] [0059DE90] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA] [0059E260] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0059E180] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0059E210] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0059E180] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0059E210] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0059DE90] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [0059E260] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0059E180] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0059E180] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0059DE90] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0059E260] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0059E1C0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0059E210] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0059E180] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0059DE90] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0059DD70] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0059DE00] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0059D970] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0059DF10] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0059DF70] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [0059DFD0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [0059DC30] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [0059DCD0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [0059E260] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0059E180] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0059DE90] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0059E210] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0059E1C0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [0059DD70] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [0059D970] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0059DE00] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0059DF70] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0059D9B0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0059E0B0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [0059D390] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0059DFD0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0059DBC0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0059DC30] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0059DA90] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0059E180] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0059DE90] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0059E210] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0059E1C0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0059DFD0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [0059D970] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [0059DC30] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [0059DF70] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [0059DE00] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0059E180] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [0059DE90] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0059E1C0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0059E210] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0059DE90] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [0059E260] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0059DE90] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [0059E260] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0059DE90] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0059E110] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\COMODO\Firewall\cfp.exe[2888] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0059E2F0] C:\Program Files\COMODO\Firewall\cfp.exe
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C883FB0] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll
IAT C:\Program Files\Messenger\msmsgs.exe[2896] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll
IAT



