someone please help!


This topic is locked
6 replies to this topic

#1 Electrickoolaid

  • Members
  • 9 posts

Posted 03 December 2008 - 04:26 AM

I've been hijacked by spyware... not sure exactly what's wrong, but popups and browser hijacks directing me to ad pages are driving me crazy.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:15 AM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sports.yahoo.com/fantasy
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKLM\..\Policies\Explorer\Run: [HB9XtSyEmX] C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1198110327265
O21 - SSODL: syscmd - {42B9DD35-9306-A5D6-A5C1-0AC65FD90F26} - C:\Program Files\wukhdtf\syscmd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--
End of file - 11574 bytes
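As an added example (not code from this thread or from Trend Micro's HijackThis), here is a small Python triage pass over log lines of the kind posted above. The sample lines are copied from the log; the heuristics (which entry types and file locations a responder reads first) are this example's own assumptions, not HijackThis logic and not a verdict on any entry.

```python
"""Triage helper for HijackThis v2 log lines.

Added example, not part of the forum thread and not HijackThis code. The
sample lines are copied from the posted log; the checks below are the
editor's assumptions about what a responder looks at first.
"""
import re
from typing import List, Tuple

# "O4 - HKLM\..\Run: [name] path" -> section "O4", body after " - "
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# A Windows path ending in .exe or .dll; spaces are allowed inside the path.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)
# Locations where a persistence entry normally should not live (assumption).
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sports.yahoo.com/fantasy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [HB9XtSyEmX] C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O21 - SSODL: syscmd - {42B9DD35-9306-A5D6-A5C1-0AC65FD90F26} - C:\Program Files\wukhdtf\syscmd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""


def find_paths(text: str) -> List[str]:
    """Every .exe/.dll path mentioned in one log line."""
    return PATH_RE.findall(text)


def check_entry(sec: str, body: str) -> List[str]:
    """Return the reasons (possibly none) why this entry deserves a look."""
    reasons: List[str] = []
    low = body.lower()
    paths = find_paths(body)
    if sec == "F2" and "userinit=" in low:
        # UserInit should name only userinit.exe; anything appended runs at logon.
        progs = [p for p in low.split("userinit=", 1)[1].split(",") if p.strip()]
        extra = [p for p in progs if not p.endswith("\\userinit.exe")]
        if extra:
            reasons.append("extra UserInit program(s): " + ", ".join(extra))
    if sec == "O4" and "\\policies\\explorer\\run" in low:
        reasons.append("autorun via Policies\\Explorer\\Run key")
    if sec == "O21" and paths and "\\windows\\system32\\" not in paths[0].lower():
        reasons.append("shell service object (SSODL) loaded from outside system32")
    if sec == "O2" and "(no file)" in low:
        reasons.append("BHO registered but its file is missing (orphan)")
    if sec == "O16" and re.match(r"^dpf: \{[0-9a-f-]+\} - ", low):
        reasons.append("ActiveX download (DPF) with no control name")
    for p in paths:
        if any(d in p.lower() for d in PROFILE_DIRS):
            reasons.append("program runs from a profile data directory: " + p)
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """(section, line, reasons) for every entry line with at least one reason."""
    out: List[Tuple[str, str, List[str]]] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, the process list and blanks are skipped
        reasons = check_entry(m.group("sec"), m.group("body"))
        if reasons:
            out.append((m.group("sec"), line.strip(), reasons))
    return out


if __name__ == "__main__":
    for sec, line, reasons in triage(SAMPLE_LOG):
        print(sec, line)
        for r in reasons:
            print("    ->", r)
```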

#2 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 08 December 2008 - 08:50 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Add Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files before we run OTScanIt. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use any other browsers, select them appropriately from the top and empty all items.
Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Click the Extras button under "Additional Scans".
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.
Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important! Please do not select the Show all checkbox during the scan.

In your next reply include:
-the OTScanIt log (attached)
-the GMER log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 Electrickoolaid

  • Topic Starter
  • Members
  • 9 posts

Posted 09 December 2008 - 02:00 AM

Thank you for your help... I've followed your instructions...



GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-09 00:54:17
Windows 5.1.2600 Service Pack 2


---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[272] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[272] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[272] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[272] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[272] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe[272] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\WINDOWS\system32\dllhost.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C052A8
IAT C:\WINDOWS\system32\dllhost.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C051F4
IAT C:\WINDOWS\system32\dllhost.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C0518F
IAT C:\WINDOWS\system32\dllhost.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C0515D
IAT C:\WINDOWS\system32\dllhost.exe[656] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00C05569
IAT C:\WINDOWS\system32\dllhost.exe[656] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00C05833
IAT C:\WINDOWS\system32\dllhost.exe[656] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00C05833
IAT C:\WINDOWS\system32\dllhost.exe[656] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00C05569
IAT C:\WINDOWS\system32\dllhost.exe[656] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00C05833
IAT C:\WINDOWS\system32\dllhost.exe[656] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00C052A8
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004052A8
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004051F4
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040518F
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040515D
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405569
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405833
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[748] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00405833
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[748] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00405569
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[748] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405833
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe[748] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004052A8
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[784] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[784] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 000452A8
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000452A8
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000451F4
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0004518F
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0004515D
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 000452A8
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00045833
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00045569
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00045833
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00045569
IAT C:\WINDOWS\system32\services.exe[936] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00045833
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00D652A8
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D651F4
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00D6518F
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D6515D
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00D651F4
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00D652A8
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00D651F4
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00D6518F
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00D65569
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00D65833
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00D65833
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00D65569
IAT C:\WINDOWS\system32\lsass.exe[948] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00D65833
IAT C:\WINDOWS\system32\svchost.exe[1112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D4515D
IAT C:\WINDOWS\system32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 009152A8
IAT C:\WINDOWS\system32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 009151F4
IAT C:\WINDOWS\system32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0091518F
IAT C:\WINDOWS\system32\svchost.exe[1216] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0091515D
IAT C:\WINDOWS\system32\svchost.exe[1216] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00915569
IAT C:\WINDOWS\system32\svchost.exe[1216] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00915833
IAT C:\WINDOWS\system32\svchost.exe[1216] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00915833
IAT C:\WINDOWS\system32\svchost.exe[1216] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00915569
IAT C:\WINDOWS\system32\svchost.exe[1216] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00915833
IAT C:\WINDOWS\system32\svchost.exe[1216] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 009152A8
IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 025352A8
IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 025351F4
IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0253518F
IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0253515D
IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 02535569
IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 02535833
IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 02535833
IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 02535569
IAT C:\WINDOWS\System32\svchost.exe[1384] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 02535833
IAT C:\WINDOWS\System32\svchost.exe[1384] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 025352A8
IAT C:\WINDOWS\system32\svchost.exe[1456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008D52A8
IAT C:\WINDOWS\system32\svchost.exe[1456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008D51F4
IAT C:\WINDOWS\system32\svchost.exe[1456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008D518F
IAT C:\WINDOWS\system32\svchost.exe[1456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 008D515D
IAT C:\WINDOWS\system32\svchost.exe[1456] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 008D5569
IAT C:\WINDOWS\system32\svchost.exe[1456] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 008D5833
IAT C:\WINDOWS\system32\svchost.exe[1456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 008D5833
IAT C:\WINDOWS\system32\svchost.exe[1456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 008D5569
IAT C:\WINDOWS\system32\svchost.exe[1456] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 008D5833
IAT C:\WINDOWS\system32\svchost.exe[1456] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 008D52A8
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008552A8
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008551F4
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0085518F
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0085515D
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00855569
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00855833
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 008552A8
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00855833
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00855569
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00855833
IAT C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2072] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2072] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2072] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2072] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe[2072] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[2104] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[2104] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[2104] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[2104] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[2104] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[2104] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\DOCUME~1\MIKEPI~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\DOCUME~1\MIKEPI~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\DOCUME~1\MIKEPI~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\DOCUME~1\MIKEPI~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\DOCUME~1\MIKEPI~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2288] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\DOCUME~1\MIKEPI~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2288] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\DOCUME~1\MIKEPI~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2288] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\DOCUME~1\MIKEPI~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2288] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\DOCUME~1\MIKEPI~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2288] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\DOCUME~1\MIKEPI~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2288] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 012C5833
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 012C52A8
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 012C51F4
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 012C518F
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 012C515D
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 012C5569
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 012C5833
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 012C5833
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 012C5833
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 012C5569
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 012C52A8
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe[2664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe[2664] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe[2664] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe[2664] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe[2664] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe[2664] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe[2664] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\internet explorer\iexplore.exe[2676] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000852A8
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000851F4
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008518F
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0008515D
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00085833
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00085569
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00085833
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00085569
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00085833
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 000852A8
IAT C:\WINDOWS\ehome\ehtray.exe[3036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000852A8
IAT C:\WINDOWS\ehome\ehtray.exe[3036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000851F4
IAT C:\WINDOWS\ehome\ehtray.exe[3036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008518F
IAT C:\WINDOWS\ehome\ehtray.exe[3036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0008515D
IAT C:\WINDOWS\ehome\ehtray.exe[3036] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00085833
IAT C:\WINDOWS\ehome\ehtray.exe[3036] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00085569
IAT C:\WINDOWS\ehome\ehtray.exe[3036] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00085833
IAT C:\WINDOWS\ehome\ehtray.exe[3036] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00085569
IAT C:\WINDOWS\ehome\ehtray.exe[3036] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00085833
IAT C:\WINDOWS\ehome\ehtray.exe[3036] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 000852A8
IAT C:\WINDOWS\eHome\ehmsas.exe[3176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000852A8
IAT C:\WINDOWS\eHome\ehmsas.exe[3176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000851F4
IAT C:\WINDOWS\eHome\ehmsas.exe[3176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0008518F
IAT C:\WINDOWS\eHome\ehmsas.exe[3176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0008515D
IAT C:\WINDOWS\eHome\ehmsas.exe[3176] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00085569
IAT C:\WINDOWS\eHome\ehmsas.exe[3176] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00085833
IAT C:\WINDOWS\eHome\ehmsas.exe[3176] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00085833
IAT C:\WINDOWS\eHome\ehmsas.exe[3176] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00085569
IAT C:\WINDOWS\eHome\ehmsas.exe[3176] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00085833
IAT C:\WINDOWS\eHome\ehmsas.exe[3176] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 000852A8
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3184] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3184] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3184] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3184] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3184] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3184] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3184] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3236] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3236] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3236] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3236] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3236] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3236] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\WINDOWS\system32\hkcmd.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\WINDOWS\system32\hkcmd.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\WINDOWS\system32\hkcmd.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\WINDOWS\system32\hkcmd.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\WINDOWS\system32\hkcmd.exe[3372] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\WINDOWS\system32\hkcmd.exe[3372] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\WINDOWS\system32\hkcmd.exe[3372] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\WINDOWS\system32\hkcmd.exe[3372] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\WINDOWS\system32\hkcmd.exe[3372] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\WINDOWS\system32\hkcmd.exe[3372] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\WINDOWS\system32\igfxpers.exe[3432] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004052A8
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004051F4
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040518F
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040515D
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3492] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405569
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3492] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405833
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3492] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004052A8
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3492] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405833
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3492] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405569
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3492] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405833
IAT C:\Program Files\HP\QuickPlay\QPService.exe[3536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\HP\QuickPlay\QPService.exe[3536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\HP\QuickPlay\QPService.exe[3536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\HP\QuickPlay\QPService.exe[3536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\HP\QuickPlay\QPService.exe[3536] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\HP\QuickPlay\QPService.exe[3536] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\HP\QuickPlay\QPService.exe[3536] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\HP\QuickPlay\QPService.exe[3536] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\HP\QuickPlay\QPService.exe[3536] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\HP\QuickPlay\QPService.exe[3536] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3572] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3572] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3572] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3572] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3572] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3572] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3572] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3684] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3856] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3856] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3856] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3856] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3856] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3856] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3856] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3872] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\WINDOWS\System32\svchost.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004052A8
IAT C:\WINDOWS\System32\svchost.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004051F4
IAT C:\WINDOWS\System32\svchost.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0040518F
IAT C:\WINDOWS\System32\svchost.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0040515D
IAT C:\WINDOWS\System32\svchost.exe[3968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405569
IAT C:\WINDOWS\System32\svchost.exe[3968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405833
IAT C:\WINDOWS\System32\svchost.exe[3968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405833
IAT C:\WINDOWS\System32\svchost.exe[3968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405569
IAT C:\WINDOWS\System32\svchost.exe[3968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405833
IAT C:\WINDOWS\System32\svchost.exe[3968] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004052A8
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001451F4
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014518F
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0014515D
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145569
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145833
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4076] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001452A8

---- Devices - GMER 1.0.14 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.14 ----

File C:\WINDOWS\system32\twain_32 0 bytes
File C:\WINDOWS\system32\twain_32\local.ds 20084 bytes
File C:\WINDOWS\system32\twain_32\user.ds 0 bytes
File C:\WINDOWS\system32\twext.exe 493056 bytes executable

---- EOF - GMER 1.0.14 ----
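A defender-side triage of the IAT hook lines above, added here as an example and not code from the thread or from GMER itself: it parses the IAT lines, lists the hooked APIs per process, and checks whether the hook targets share one module-relative offset across processes, which is what one injected module mapped at a different base per process looks like. The sample lines are an excerpt of the log above; the 64 KB base mask is an assumption.

```python
"""Triage of GMER "IAT" hook lines (added example, not GMER code).

Every IAT line has the shape
    IAT <process>[<pid>] @ <module> [<export dll>!<function>] <hook addr>
This parses those lines, reports which APIs are hooked in which process,
and tests whether hook targets share one page offset across processes.
"""
import re
from collections import defaultdict

# Process paths contain spaces, so the pattern anchors on the "[pid] @" token.
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+(?P<addr>[0-9A-Fa-f]{8})\s*$"
)

# Constructed sample: an excerpt of the IAT lines posted above (three
# processes, including the unknown lkrilivs.exe, which is itself hooked),
# plus one non-IAT line to show that other log lines are ignored.
SAMPLE_LOG = r"""
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008552A8
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008551F4
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 0085515D
IAT C:\WINDOWS\System32\alg.exe[1568] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00855569
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 012C52A8
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 012C51F4
IAT C:\WINDOWS\Explorer.EXE[2460] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 012C5569
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000852A8
IAT C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe[3028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000851F4
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
""".strip().splitlines()


def parse_iat_line(line):
    """Return a dict for one IAT line, or None for any other log line."""
    m = IAT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["addr"] = int(rec["addr"], 16)
    rec["api"] = f"{rec['dll']}!{rec['func']}"
    return rec


def hooks_by_process(lines):
    """Map (process path, pid) -> sorted list of hooked 'dll!function' names."""
    hooked = defaultdict(set)
    for line in lines:
        rec = parse_iat_line(line)
        if rec:
            hooked[(rec["proc"], rec["pid"])].add(rec["api"])
    return {k: sorted(v) for k, v in hooked.items()}


def page_offsets(lines, mask=0xFFFF):
    """Map 'dll!function' -> set of hook addresses with the base masked off.

    One offset per API across all processes means every hook jumps to the
    same module-relative location: one injected module relocated per
    process, not per-process patches. The 64 KB mask is an assumption.
    """
    offsets = defaultdict(set)
    for line in lines:
        rec = parse_iat_line(line)
        if rec:
            offsets[rec["api"]].add(rec["addr"] & mask)
    return dict(offsets)


def triage(lines, mask=0xFFFF):
    """Summarise the hook picture for an analyst."""
    per_proc = hooks_by_process(lines)
    offsets = page_offsets(lines, mask)
    bases = defaultdict(set)
    for line in lines:
        rec = parse_iat_line(line)
        if rec:
            bases[(rec["proc"], rec["pid"])].add(rec["addr"] & ~mask)
    return {
        "processes_hooked": len(per_proc),
        "apis_hooked": sorted(offsets),
        # True when every API resolves to one module-relative offset everywhere.
        "single_code_module": all(len(v) == 1 for v in offsets.values()),
        # One inferred base per process supports the single-module reading.
        "bases": {k: (next(iter(v)) if len(v) == 1 else sorted(v))
                  for k, v in bases.items()},
    }


if __name__ == "__main__":
    for (proc, pid), apis in hooks_by_process(SAMPLE_LOG).items():
        print(f"{proc} [{pid}] hooks: {', '.join(apis)}")
    summary = triage(SAMPLE_LOG)
    print("single injected module:", summary["single_code_module"])
    for key, base in summary["bases"].items():
        print(f"  {key[0]} [{key[1]}] base {base:#010x}")
```

Run on the full log above, the same check shows every process, including lkrilivs.exe, carrying the same six hooks at the same offsets.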

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:01:04 AM

Posted 09 December 2008 - 02:29 AM

Hello.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

To disable Norton Antivirus.
  • Right click on the Norton icon [image] beside your clock and select Disable Auto-Protect.
  • Select a disabled duration of 5 hours to ensure that it will not interfere with this fix.
  • Click OK to apply the settings.
When done properly, you should receive a pop-up warning saying that protection was disabled. The Norton icon should now look like [image].

Download The Avenger and Run Script
Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Right click and extract avenger.exe to your desktop
  • Start the Avenger by clicking on its icon on your desktop.
  • Copy all the text contained in the quote box below to your Clipboard by highlighting it, right clicking and selecting Copy:
    Files to delete:
    %SystemRoot%\system32\twext.exe
    
    Folders to delete:
    %AllUsersProfile%\Application Data\zyjmrypw
    %ProgramFiles%\wukhdtf
    C:\WINDOWS\system32\twain_32
  • Click [image] to paste the script from the clipboard.
  • Click the Execute button
  • Answer Yes twice when prompted.
The process is completely automatic. Do not touch your computer until a log file opens.

The Avenger will do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", the Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt (considering your operating drive is C:). Post back with it in your next reply.
Run Fix with OTScanIt
We will run OTScanIt with directives. If you have lost your copy of OTScanIt, download it here and extract it like you did last time.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Copy the contents of the codebox below into the "Paste fix here" box.
    [Processes - Safe List]
    YN -> lkrilivs.exe -> %AllUsersProfile%\Application Data\zyjmrypw\lkrilivs.exe
    [Registry - Safe List]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "QlbCtrl" -> [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start]
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
    YN -> C:\WINDOWS\system32\twext.exe -> %SystemRoot%\system32\twext.exe
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
    YN -> "{42B9DD35-9306-A5D6-A5C1-0AC65FD90F26}" [HKLM] -> %ProgramFiles%\wukhdtf\syscmd.dll [syscmd]
  • Close all windows except OTScanIt.
  • Click the Run Fix button.
When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click OK and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix. Notepad will open with the final results at that time. Post that log back here in your next reply.

Please post back with:
-the Avenger log
-the OTScanIt fix log
-a new OTScanIt scan log (settings at default, attached) You may run out of attachment space. If so, go to your Control Panel to remove your previous attachments to make room for new ones.
-a new GMER log

With Regards,
The Panda
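The three registry locations in the fix above (the Run key, Winlogon\UserInit, and ShellServiceObjectDelayLoad) are classic logon-persistence points: UserInit normally holds a single entry and malware appends its own executable after it, and SSODL objects are DLLs Explorer loads at logon, so a stock install only points into system32. The script below is an added example for this thread, not code from the post or from OTScanIt. It audits a registry snapshot for those three hijacks. The snapshot is a constructed dict mirroring the fix's entries (the extra Run entry for lkrilivs.exe and the benign WebCheck SSODL entry are assumed, for contrast); on a live XP machine you would read the same values with the winreg module.

```python
"""Audit the autostart locations named in the OTScanIt fix above.

Added example, not part of the forum post or of OTScanIt. SAMPLE_SNAPSHOT is
constructed to mirror the thread's registry entries; the lkrilivs Run entry
and the WebCheck SSODL entry are assumed (not in the original fix).
"""
import ntpath
import re

# Stock XP value of Winlogon\UserInit: exactly one entry, trailing comma.
# Malware appends its own executable so winlogon launches it at every logon.
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe,"
SYSTEM32 = r"c:\windows\system32"
# Directories a limited user can write to; an autostart pointing here is suspect.
USER_WRITABLE = (r"c:\documents and settings", r"c:\windows\temp")

SAMPLE_SNAPSHOT = {  # constructed, mirrors the fix lines in the post
    "UserInit": r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,",
    "Run": {
        "QlbCtrl": r"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start",
        "ehTray": r"C:\WINDOWS\ehome\ehtray.exe",
        # assumed entry for the process seen in the HijackThis log
        "lkrilivs": r"C:\Documents and Settings\All Users\Application Data\zyjmrypw\lkrilivs.exe",
    },
    "SSODL": {
        "syscmd": ("{42B9DD35-9306-A5D6-A5C1-0AC65FD90F26}", r"C:\Program Files\wukhdtf\syscmd.dll"),
        # stock XP entry, assumed benign, included for contrast
        "WebCheck": ("{E6FB5E20-DE35-11CF-9C87-00AA005127ED}", r"C:\WINDOWS\system32\webcheck.dll"),
    },
}


def split_userinit(value):
    """Split the comma-separated UserInit value into its non-empty entries."""
    return [p.strip() for p in value.split(",") if p.strip()]


def check_userinit(value):
    """Flag every UserInit entry that is not the stock userinit.exe."""
    stock = DEFAULT_USERINIT.rstrip(",").lower()
    return [("UserInit", e) for e in split_userinit(value) if e.lower() != stock]


def exe_path(command):
    """Extract the executable path from a Run command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r"(.*?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def check_run(entries):
    """Flag Run entries whose executable lives in a user-writable location."""
    findings = []
    for name, command in entries.items():
        if ntpath.normcase(exe_path(command)).startswith(USER_WRITABLE):
            findings.append(("Run", f"{name} -> {command}"))
    return findings


def check_ssodl(entries):
    """Flag SSODL objects whose DLL is outside system32 (stock ones never are)."""
    findings = []
    for name, (clsid, dll) in entries.items():
        if not ntpath.normcase(ntpath.dirname(dll)).startswith(SYSTEM32):
            findings.append(("SSODL", f"{name} {clsid} -> {dll}"))
    return findings


def audit(snapshot):
    """Run all three checks and return the combined list of findings."""
    return (check_userinit(snapshot["UserInit"])
            + check_run(snapshot["Run"])
            + check_ssodl(snapshot["SSODL"]))


if __name__ == "__main__":
    for location, detail in audit(SAMPLE_SNAPSHOT):
        print(f"{location}: {detail}")
```

Note that the QlbCtrl entry is not flagged: it points into Program Files, which is why the fix's removal of it is a cleanup choice rather than something these heuristics would catch. The UserInit check is the one worth keeping around; a second entry after userinit.exe is almost never legitimate.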

#5 Electrickoolaid

Electrickoolaid
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:04 AM

Posted 09 December 2008 - 05:05 AM

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\twext.exe" deleted successfully.
Folder "C:\Documents and Settings\All Users\Application Data\zyjmrypw" deleted successfully.
Folder "C:\Program Files\wukhdtf" deleted successfully.
Folder "C:\WINDOWS\system32\twain_32" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[Processes - Safe List]
No active process named lkrilivs.exe was found!
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QlbCtrl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\twext.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\syscmd deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42B9DD35-9306-A5D6-A5C1-0AC65FD90F26}\ deleted successfully.
< End of fix log >
OTScanIt2 by OldTimer - Version 1.0.2.1 fix logfile created on 12092008_031506

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-09 03:59:11
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.14 ----

? qrxmam.sys The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

---- Devices - GMER 1.0.14 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:04 AM

Posted 09 December 2008 - 05:27 AM

Hello Electrickoolaid.

Looks much better :thumbsup: .

Run a Script With the Avenger
  • Copy all the text contained in the quote box below to your Clipboard by highlighting it, right clicking and selecting Copy:
    Drivers to disable:
    qrxmam.sys
    qrxmam
  • Start the Avenger by clicking on its icon on your desktop.
  • Check the "Scan for rootkits" and "Automatically disable rootkits found" boxes.
  • Click the button to paste the script from the clipboard.
  • Click the Execute button
  • Answer Yes twice when prompted.
  • On reboot(s), a log will open. Post back with it.
Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

You can refer to this page which has a visual of the instructions above.


Please post back with:
-the Avenger log
-the Malware Bytes log
-a new OTScanIt log (default settings, attached) You may run out of attachment space. If so, go to your Control Panel to remove your previous attachments to make room for new ones.
-a new HijackThis log

How is your computer running now?

With Regards,
The Panda
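The Avenger script above comes straight from one GMER line: "? qrxmam.sys The system cannot find the file specified. !" means GMER saw a kernel module loaded by that name but could not open a backing file on disk, which is what a rootkit driver that hides or deletes its own file looks like. The script below is an added example for this thread, not code from GMER, the Avenger, or the post. It pulls the "Kernel code sections" block out of a GMER report, separates "file not found" modules from modules that are merely locked (the sptd.sys line is a constructed example of that benign case), and emits the same "Drivers to disable" text, listing both the file name and the service-name stem because GMER does not report which one the service is registered under.

```python
"""Turn a GMER kernel-section report into an Avenger 'Drivers to disable' script.

Added example, not part of the forum post, GMER or the Avenger. SAMPLE_GMER is
constructed: the qrxmam.sys line mirrors the thread's report, the sptd.sys line
is an assumed example of a locked-but-present driver, and the IAT line is
abbreviated from the thread to show that other sections are ignored.
"""
import ntpath
import re

SAMPLE_GMER = """\
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-09 03:59:11
Windows 5.1.2600 Service Pack 2

---- Kernel code sections - GMER 1.0.14 ----

? qrxmam.sys The system cannot find the file specified. !
? C:\\WINDOWS\\system32\\drivers\\sptd.sys The process cannot access the file because it is being used by another process. !

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\\Program Files\\Yahoo!\\Messenger\\ymsgr_tray.exe[3604] @ C:\\WINDOWS\\system32\\USER32.dll [KERNEL32.dll!LoadLibraryExW]

---- EOF - GMER 1.0.14 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
# "? <module> <message> !": GMER's marker for a module it could not verify.
MODULE_RE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s*!?$")

MISSING = "The system cannot find the file specified."
LOCKED = "The process cannot access the file because it is being used by another process."


def parse_kernel_section(text):
    """Return (module, message) pairs from the 'Kernel code sections' block only."""
    in_section = False
    rows = []
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).startswith("Kernel code sections")
            continue
        if in_section:
            m = MODULE_RE.match(line)
            if m:
                rows.append((m.group(1), m.group(2).strip()))
    return rows


def missing_modules(rows):
    """Modules loaded in the kernel with no file on disk: the rootkit candidates."""
    return [mod for mod, msg in rows if msg == MISSING]


def locked_modules(rows):
    """Modules whose file exists but is held open; usually a driver like sptd.sys."""
    return [mod for mod, msg in rows if msg == LOCKED]


def avenger_script(modules):
    """Build the 'Drivers to disable:' block, one file name and one stem per module."""
    lines = ["Drivers to disable:"]
    for mod in modules:
        name = ntpath.basename(mod)
        stem = name[:-4] if name.lower().endswith(".sys") else name
        lines += [name, stem]
    return "\n".join(lines)


if __name__ == "__main__":
    rows = parse_kernel_section(SAMPLE_GMER)
    print(avenger_script(missing_modules(rows)))
```

The distinction between the two messages matters in practice: a driver that is present but locked is often a legitimate filter such as a disc-emulation driver, and disabling it on the strength of a "?" line alone is how helpers end up breaking a machine that was not actually rootkitted.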

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:04 AM

Posted 13 December 2008 - 09:01 PM

Hello.

I hope your silence doesn't mean your computer exploded.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda

