Browser hijack- unknown virus name, nasty sounds right


This topic is locked
43 replies to this topic

#1 nbhooligan69
  • Members
  • 32 posts

Posted 09 March 2009 - 03:20 PM

Pasting in additional contextual information from other posts. ~ OB

I am running Windows XP Media Center Edition version 2002 Service Pack 3, and have been using IE, Firefox and Safari, all with the same results: constant browser crashes and slow, sometimes "(not responding)" messages when I try to perform mundane tasks. On rare occasion the screen will turn blue and say that I need to restart my system due to DRIVER RRQD NOT LESS OR EQUAL even though I haven't messed with the drivers.

I have tried to download Spybot, Ad-Aware and HijackThis, but Spybot will not run properly even though I installed it and see it in my taskbar and on my system. I have run Ad-Aware and that seems to be the only program running properly, and HijackThis shows up but will not do anything past the Run prompt window during install.

I am not very familiar with PC software but thought I was following the right steps; please help me get my system back.
------------------
I am running XP Media Center 2002 SP3 and using Safari as my only successful browser at the moment.
Each time I download and try to install either Malwarebytes or Spybot Search and Destroy, it prompts the Run window, which I confirm, and then starts the hourglass load icon on my pointer; after about 30 seconds or less nothing more happens and the pointer returns to a normal arrow. I don't know what is happening and need help so I can diagnose and repair my problems.
------------------
I am using XP Media Center version 2002 SP3, and when I am running IE or Firefox, both of which crash all the time without warning, I get crazy results when using Google, Yahoo or other search engines, like they have been hijacked. I will be searching for something and, after clicking on results with the correct address under the search description, it will take me to ads, couponmountain, or other sites than the search description, but if I paste the address of the search result in the browser bar I can successfully reach the site. Also, for example, if I type in www.safer-networking.or in Firefox it will give me "address not found", but if I do so with Safari I am taken to the site no problem. Does anyone have any ideas?

End of added material. ~ OB

DDS (Ver_09-02-01.01) - NTFSx86
Run by Rachele at 13:09:33.00 on Mon 03/09/2009
Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.156 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Sprint music manager\MEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Safari\Safari.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\DOCUME~1\RACHEL~1\LOCALS~1\Temp\dyeizz27.tmp\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60076
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\update.exe -silent
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] c:\program files\java\jre6\bin\jusched.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\rachel~1\startm~1\programs\startup\memoni~1.lnk - c:\program files\sprint music manager\MEMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} - hxxp://zone.msn.com/bingame/pppp/default/PiratePoppers.1.0.0.39.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by110fd.bay110.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://longsdrugs.digitalcameradeveloping.com/upload/FujifilmUploadClient.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} - hxxp://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} - hxxp://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, mcenspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rachel~1\applic~1\mozilla\firefox\profiles\0yk335e5.default\
FF - prefs.js: keyword.URL - data:text/plain,keyword.URL=hxxp://search.yahoo.com/search?fr=yff3u&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\rachele stifle\application data\mozilla\firefox\profiles\0yk335e5.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-9 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-2 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-2 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-2 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-3-2 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-2 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-03-09 03:45 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-03-09 03:36 <DIR> --d----- C:\e0f608acf52f63ffb0
2009-03-09 03:25 <DIR> --d----- c:\windows\pss
2009-03-09 02:00 15,688 a------- c:\windows\system32\lsdelete.exe
2009-03-09 00:38 0 a------- c:\windows\system32\AAWService_2009_03_09_00_38_14.dmp
2009-03-09 00:04 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-03-09 00:03 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-09 00:03 <DIR> --d----- c:\program files\Lavasoft
2009-03-07 14:50 <DIR> --d----- c:\docume~1\rachel~1\applic~1\LimeWire
2009-03-04 12:29 <DIR> --d----- c:\windows\Downloaded Program Files
2009-03-03 05:13 <DIR> --d----- c:\program files\DivX
2009-03-03 02:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NexonUS
2009-03-03 01:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2009-03-03 01:32 <DIR> --d----- c:\program files\Pando Networks
2009-03-02 19:36 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-02 19:36 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-02 19:36 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-02 19:35 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-03-02 19:35 <DIR> --d----- c:\docume~1\rachel~1\applic~1\AVGTOOLBAR
2009-03-02 19:34 <DIR> --d----- c:\program files\AVG
2009-03-02 17:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-03-02 17:14 <DIR> --d----- c:\program files\common files\iS3
2009-03-02 17:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-03-02 15:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-03-02 15:35 75 a------- c:\windows\st_affiliate.ini
2009-03-02 15:20 <DIR> --d----- c:\docume~1\rachel~1\applic~1\Uniblue
2009-03-01 03:09 14,028 a---h--- c:\windows\system32\mlfcache.dat
2009-03-01 02:57 <DIR> --d----- c:\program files\Bonjour
2009-02-27 22:04 2,736,890 a------- c:\windows\system32\GameMon.des
2009-02-23 07:09 4,682 a------- c:\windows\system32\npptNT2.sys
2009-02-23 07:09 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-02-23 07:09 <DIR> --d----- c:\program files\common files\INCA Shared
2009-02-21 06:36 <DIR> --d----- c:\program files\Veetle
2009-02-20 05:29 <DIR> --dsh--- c:\documents and settings\rachele stifle\PrivacIE
2009-02-20 05:28 <DIR> --dsh--- c:\documents and settings\rachele stifle\IETldCache
2009-02-19 22:43 <DIR> --d----- c:\windows\ie8updates
2009-02-19 22:36 <DIR> -cd-h--- c:\windows\ie8
2009-02-19 22:30 79,360 -c------ c:\windows\system32\dllcache\iecompat.dll

==================== Find3M ====================

2009-02-02 14:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-15 03:05 911,872 a------- c:\windows\system32\wininet.dll
2009-01-15 03:05 43,008 a------- c:\windows\system32\licmgr10.dll
2009-01-15 03:04 18,944 a------- c:\windows\system32\corpol.dll
2009-01-15 03:03 420,352 a------- c:\windows\system32\vbscript.dll
2009-01-15 03:03 72,704 a------- c:\windows\system32\admparse.dll
2009-01-15 03:03 71,680 a------- c:\windows\system32\iesetup.dll
2009-01-15 03:01 34,304 a------- c:\windows\system32\imgutil.dll
2009-01-15 03:00 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-15 03:00 45,568 a------- c:\windows\system32\mshta.exe
2009-01-15 02:50 156,160 a------- c:\windows\system32\msls31.dll
2008-12-12 12:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 12:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-10 17:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 17:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-11-16 15:22 61,224 a------- c:\documents and settings\rachele stifle\GoToAssistDownloadHelper.exe
2007-09-16 22:04 32 ac---r-- c:\documents and settings\all users\hash.dat
2008-07-09 19:47 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008070920080710\index.dat

============= FINISH: 13:12:26.73 ===============


Edited by Orange Blossom, 09 March 2009 - 11:04 PM.
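As an added triage example (not code from the thread, from DDS, or from BleepingComputer), the following Python parses the "Pseudo HJT Report" lines that DDS prints and flags the entries a malware-response helper checks first: extra executables in the Winlogon Userinit value, BHO/toolbar registrations with no backing file, and search settings pointing outside an allow-list of expected search hosts. The allow-list and the sample lines are constructed for this example; the sample mirrors the shape of entries in the log above.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the original thread or of the DDS tool. The
allow-list of search hosts and SAMPLE_LOG are constructed assumptions.
"""
import re
from urllib.parse import urlparse

# Constructed sample, shaped like the DDS lines in the thread above.
SAMPLE_LOG = """\
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60076
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe,c:\\windows\\system32\\twex.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg8\\avgssie.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
mRun: [ehTray] c:\\windows\\ehome\\ehtray.exe
"""

# Search hosts the machine's owner is expected to use (assumption for this example).
SEARCH_HOST_ALLOWLIST = {
    "www.google.com", "www.yahoo.com", "search.yahoo.com",
    "www.bing.com", "search.live.com",
}

# On a clean XP install only userinit.exe is listed in Winlogon\Userinit.
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"

# DDS keys that decide where a browser search goes; u = user hive, m = machine hive.
SEARCH_KEYS = re.compile(
    r"^[um](Start Page|Search Page|Search Bar|SearchAssistant|CustomizeSearch)$")
KEY_VALUE = re.compile(r"^([um]\w+(?: \w+)?)\s*=\s*(.+)$")
USERINIT = re.compile(r"^mWinlogon:\s*Userinit=(.*)$", re.IGNORECASE)
BHO_OR_TB = re.compile(r"^(BHO|TB):\s*(.*)$")


def refang(value: str) -> str:
    """DDS writes hxxp:// so the log is not clickable; restore it for parsing."""
    return re.sub(r"^hxxp", "http", value.strip(), flags=re.IGNORECASE)


def check_search_setting(key: str, value: str):
    """Flag a search key whose host is not one the owner is expected to use."""
    host = (urlparse(refang(value)).hostname or "").lower()
    if host and host not in SEARCH_HOST_ALLOWLIST:
        return ("search-hijack", f"{key} -> {host}")
    return None


def check_userinit(value: str):
    """Flag anything appended to Userinit beyond the expected userinit.exe."""
    entries = [e.strip().lower() for e in value.split(",") if e.strip()]
    extra = [e for e in entries if e != EXPECTED_USERINIT]
    if extra:
        return ("userinit-extra", ", ".join(extra))
    return None


def check_orphan(kind: str, rest: str):
    """Flag a BHO/toolbar CLSID that is registered but has no file on disk."""
    if rest.rstrip().endswith("- No File"):
        return (f"{kind.lower()}-orphan", rest.strip())
    return None


def triage(log_text: str):
    """Return (category, detail) findings in the order the lines appear."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_VALUE.match(line)
        if m and SEARCH_KEYS.match(m.group(1)):
            finding = check_search_setting(m.group(1), m.group(2))
        elif (m := USERINIT.match(line)):
            finding = check_userinit(m.group(1))
        elif (m := BHO_OR_TB.match(line)):
            finding = check_orphan(m.group(1), m.group(2))
        else:
            finding = None
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:15s} {detail}")
```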



#2 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 15 March 2009 - 09:48 PM

Hello, nbhooligan69
:thumbup2: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen.
We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • GMER's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 nbhooligan69
  • Topic Starter
  • Members
  • 32 posts

Posted 16 March 2009 - 09:15 PM

Billy,
I followed the instructions and downloaded GMER, but was unsuccessful in getting past the double click part. I can see it in my processes too but it only registers 00 CPU and about 4000k in memory usage. This was the case with mbam.exe before getting help here, something just doesn't let it load properly past the install and run execution. I also have drwtsn32.exe in my process window that I haven't seen before. Please let me know if there is any other info I can provide to help us move forward. Thanks a million, NBH

#4 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 16 March 2009 - 10:04 PM

Please rename GMER and try again.

Billy3

#5 nbhooligan69
  • Topic Starter
  • Members
  • 32 posts

Posted 17 March 2009 - 12:34 PM

Billy, you're awesome, worked like a charm.
GMER's Log
GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-17 10:28:36
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 8280FA40 ZwEnumerateKey
Code 82A5B9F0 ZwFlushInstructionCache
Code 820F160E IofCallDriver
Code 8265C73E IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 820F1613
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 8265C743
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 82A5B9F4
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB52 5 Bytes JMP 8280FA44

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\eHome\ehSched.exe[124] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0061000A
.text C:\WINDOWS\eHome\ehSched.exe[124] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0062000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0072000A
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0073000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[396] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0073000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[396] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0074000A
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0063000A
.text C:\WINDOWS\eHome\ehRecvr.exe[476] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\spoolsv.exe[568] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\spoolsv.exe[568] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009A000A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0071000A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\winlogon.exe[808] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\winlogon.exe[808] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0072000A
.text C:\WINDOWS\TEMP\7FC.tmp[1156] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006D000A
.text C:\WINDOWS\TEMP\7FC.tmp[1156] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 006E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0070000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1320] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0071000A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1396] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007C000A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1396] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 007D000A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009E000A
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009F000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0075000A
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0076000A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1564] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AB000A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1564] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AC000A
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[1580] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C1000A
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1608] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00CA000A
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1608] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00CB000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0078000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0079000A
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007D000A
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 007E000A
.text C:\WINDOWS\ehome\mcrdsvc.exe[2096] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0062000A
.text C:\WINDOWS\ehome\mcrdsvc.exe[2096] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0063000A
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2316] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006D000A
.text C:\Program Files\Canon\CAL\CALMAIN.exe[2316] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 006E000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0078000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0079000A
.text C:\WINDOWS\ehome\ehtray.exe[2780] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AB000A
.text C:\WINDOWS\ehome\ehtray.exe[2780] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AC000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AB000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AC000A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A9000A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AA000A
.text C:\WINDOWS\system32\hkcmd.exe[2852] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\hkcmd.exe[2852] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\igfxpers.exe[2860] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\igfxpers.exe[2860] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0096000A
.text C:\Program Files\iTunes\iTunesHelper.exe[2872] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BD000A
.text C:\Program Files\iTunes\iTunesHelper.exe[2872] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00BE000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2896] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BD000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2896] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\ctfmon.exe[2960] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\ctfmon.exe[2960] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009B000A
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B9000A
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00BA000A
.text C:\Program Files\Sprint music manager\MEMonitor.exe[3048] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B0000A
.text C:\Program Files\Sprint music manager\MEMonitor.exe[3048] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B1000A
.text C:\WINDOWS\System32\alg.exe[3084] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0071000A
.text C:\WINDOWS\System32\alg.exe[3084] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0072000A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3132] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B5000A
.text C:\WINDOWS\system32\wbem\unsecapp.exe[3132] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00B6000A
.text C:\WINDOWS\system32\igfxsrvc.exe[3140] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\igfxsrvc.exe[3140] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0097000A
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AC000A
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AD000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0084000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A4000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 011C4315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 012967BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 013B637B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 013B62AD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 013B6318 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 013B617E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 013B61E0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 013B63DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 013B6242 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00A5FA00
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A60910
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00A60750
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A60630
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00A5FDB0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A5FFE0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] WININET.dll!HttpAddRequestHeadersA 630171AC 5 Bytes JMP 00F6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3408] WININET.dll!HttpAddRequestHeadersW 6301E71E 5 Bytes JMP 00FE000A
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009C000A
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 009D000A
.text C:\Program Files\iPod\bin\iPodService.exe[3580] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0075000A
.text C:\Program Files\iPod\bin\iPodService.exe[3580] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0076000A
.text C:\WINDOWS\system32\dllhost.exe[3912] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0071000A
.text C:\WINDOWS\system32\dllhost.exe[3912] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0072000A
.text C:\Program Files\AVG\AVG8\avgscanx.exe[3996] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007A000A
.text C:\Program Files\AVG\AVG8\avgscanx.exe[3996] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 007B000A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0078000A
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 0079000A
.text C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C4000A
.text C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00C5000A
.text C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D0000A
.text C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00D1000A
.text C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A1000A
.text C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A2000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0079000A
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 007A000A
.text C:\WINDOWS\system32\drwtsn32.exe[8668] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AA000A
.text C:\WINDOWS\system32\drwtsn32.exe[8668] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AB000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A3000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00A4000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 010C4315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01191D31 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 0118D5B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 011967BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 011070D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 012B637B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 012B62AD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 012B6318 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 012B617E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 012B61E0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 012B63DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 012B6242 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 011974D1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00A5FA00
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A60910
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00A60750
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A60630
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00A5FDB0
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A5FFE0
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] WININET.dll!HttpAddRequestHeadersA 630171AC 5 Bytes JMP 00F6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[9596] WININET.dll!HttpAddRequestHeadersW 6301E71E 5 Bytes JMP 00FE000A
.text C:\WINDOWS\system32\drwtsn32.exe[10016] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AA000A
.text C:\WINDOWS\system32\drwtsn32.exe[10016] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00AB000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\eHome\ehSched.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00074FE8
IAT C:\WINDOWS\eHome\ehSched.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00074F34
IAT C:\WINDOWS\eHome\ehSched.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00074ECF
IAT C:\WINDOWS\eHome\ehSched.exe[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00074E9D
IAT C:\WINDOWS\eHome\ehSched.exe[124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000752A1
IAT C:\WINDOWS\eHome\ehSched.exe[124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\eHome\ehSched.exe[124] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\eHome\ehSched.exe[124] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00074FE8
IAT C:\WINDOWS\eHome\ehSched.exe[124] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\eHome\ehSched.exe[124] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 000752A1
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[340] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Bonjour\mDNSResponder.exe[396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Bonjour\mDNSResponder.exe[396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Bonjour\mDNSResponder.exe[396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Bonjour\mDNSResponder.exe[396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Bonjour\mDNSResponder.exe[396] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Bonjour\mDNSResponder.exe[396] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Bonjour\mDNSResponder.exe[396] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Bonjour\mDNSResponder.exe[396] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Bonjour\mDNSResponder.exe[396] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Bonjour\mDNSResponder.exe[396] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\eHome\ehRecvr.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00074FE8
IAT C:\WINDOWS\eHome\ehRecvr.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00074F34
IAT C:\WINDOWS\eHome\ehRecvr.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00074ECF
IAT C:\WINDOWS\eHome\ehRecvr.exe[476] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00074E9D
IAT C:\WINDOWS\eHome\ehRecvr.exe[476] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000752A1
IAT C:\WINDOWS\eHome\ehRecvr.exe[476] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\eHome\ehRecvr.exe[476] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\eHome\ehRecvr.exe[476] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00074FE8
IAT C:\WINDOWS\eHome\ehRecvr.exe[476] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\eHome\ehRecvr.exe[476] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 000752A1
IAT C:\WINDOWS\system32\svchost.exe[536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\svchost.exe[536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\system32\svchost.exe[536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\system32\svchost.exe[536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\system32\svchost.exe[536] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\svchost.exe[536] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\svchost.exe[536] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\svchost.exe[536] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\svchost.exe[536] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\svchost.exe[536] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\spoolsv.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\spoolsv.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\system32\spoolsv.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\system32\spoolsv.exe[568] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\system32\spoolsv.exe[568] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\spoolsv.exe[568] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\spoolsv.exe[568] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\spoolsv.exe[568] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\spoolsv.exe[568] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\spoolsv.exe[568] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[676] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\svchost.exe[720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\svchost.exe[720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\system32\svchost.exe[720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\system32\svchost.exe[720] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\system32\svchost.exe[720] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\svchost.exe[720] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\svchost.exe[720] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\svchost.exe[720] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\svchost.exe[720] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\svchost.exe[720] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00F14FE8
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00F14FE8
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00F14F34
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00F14ECF
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00F14E9D
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00F15556
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00F152A1
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00F15556
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00F14FE8
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00F15556
IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00F152A1
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E84FE8
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E84F34
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E84ECF
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E84E9D
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00E84F34
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E84FE8
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00E84F34
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00E84ECF
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E852A1
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E85556
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00E85556
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00E852A1
IAT C:\WINDOWS\system32\lsass.exe[876] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E85556
IAT C:\WINDOWS\system32\svchost.exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00DE4E9D
IAT C:\WINDOWS\system32\svchost.exe[1148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 01064FE8
IAT C:\WINDOWS\system32\svchost.exe[1148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01064F34
IAT C:\WINDOWS\system32\svchost.exe[1148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01064ECF
IAT C:\WINDOWS\system32\svchost.exe[1148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 01064E9D
IAT C:\WINDOWS\system32\svchost.exe[1148] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 010652A1
IAT C:\WINDOWS\system32\svchost.exe[1148] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 01065556
IAT C:\WINDOWS\system32\svchost.exe[1148] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01065556
IAT C:\WINDOWS\system32\svchost.exe[1148] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 010652A1
IAT C:\WINDOWS\system32\svchost.exe[1148] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01065556
IAT C:\WINDOWS\system32\svchost.exe[1148] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 01064FE8
IAT C:\WINDOWS\TEMP\7FC.tmp[1156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00144FE8
IAT C:\WINDOWS\TEMP\7FC.tmp[1156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00144F34
IAT C:\WINDOWS\TEMP\7FC.tmp[1156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00144ECF
IAT C:\WINDOWS\TEMP\7FC.tmp[1156] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00144E9D
IAT C:\WINDOWS\TEMP\7FC.tmp[1156] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\WINDOWS\TEMP\7FC.tmp[1156] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001452A1
IAT C:\WINDOWS\TEMP\7FC.tmp[1156] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\WINDOWS\TEMP\7FC.tmp[1156] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00144FE8
IAT C:\WINDOWS\TEMP\7FC.tmp[1156] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\WINDOWS\TEMP\7FC.tmp[1156] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001452A1
IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 01014FE8
IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01014F34
IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01014ECF
IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 01014E9D
IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 010152A1
IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 01015556
IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01015556
IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 010152A1
IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01015556
IAT C:\WINDOWS\System32\svchost.exe[1188] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 01014FE8
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00B54FE8
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B54F34
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00B54ECF
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B54E9D
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00B552A1
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00B55556
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00B55556
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00B552A1
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00B55556
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00B54FE8
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1320] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1320] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1320] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1320] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1320] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1320] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1452] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgrsx.exe[1504] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\Explorer.EXE[1580] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 01895556
IAT C:\WINDOWS\Explorer.EXE[1580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 01894FE8
IAT C:\WINDOWS\Explorer.EXE[1580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01894F34
IAT C:\WINDOWS\Explorer.EXE[1580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01894ECF
IAT C:\WINDOWS\Explorer.EXE[1580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 01894E9D
IAT C:\WINDOWS\Explorer.EXE[1580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 018952A1
IAT C:\WINDOWS\Explorer.EXE[1580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 01895556
IAT C:\WINDOWS\Explorer.EXE[1580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01895556
IAT C:\WINDOWS\Explorer.EXE[1580] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01895556
IAT C:\WINDOWS\Explorer.EXE[1580] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 018952A1
IAT C:\WINDOWS\Explorer.EXE[1580] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 01894FE8
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[1872] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgemc.exe[2032] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00074FE8
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00074F34
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00074ECF
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2096] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00074E9D
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2096] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000752A1
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2096] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2096] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00074FE8
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2096] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2096] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\ehome\mcrdsvc.exe[2096] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 000752A1
IAT C:\Program Files\Canon\CAL\CALMAIN.exe[2316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Canon\CAL\CALMAIN.exe[2316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Canon\CAL\CALMAIN.exe[2316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Canon\CAL\CALMAIN.exe[2316] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Canon\CAL\CALMAIN.exe[2316] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Canon\CAL\CALMAIN.exe[2316] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Canon\CAL\CALMAIN.exe[2316] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Canon\CAL\CALMAIN.exe[2316] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Canon\CAL\CALMAIN.exe[2316] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Canon\CAL\CALMAIN.exe[2316] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[2388] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\ehome\ehtray.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00074FE8
IAT C:\WINDOWS\ehome\ehtray.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00074F34
IAT C:\WINDOWS\ehome\ehtray.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00074ECF
IAT C:\WINDOWS\ehome\ehtray.exe[2780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00074E9D
IAT C:\WINDOWS\ehome\ehtray.exe[2780] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\ehome\ehtray.exe[2780] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 000752A1
IAT C:\WINDOWS\ehome\ehtray.exe[2780] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\ehome\ehtray.exe[2780] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000752A1
IAT C:\WINDOWS\ehome\ehtray.exe[2780] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00075556
IAT C:\WINDOWS\ehome\ehtray.exe[2780] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00074FE8
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2792] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2828] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\hkcmd.exe[2852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\hkcmd.exe[2852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\WINDOWS\system32\hkcmd.exe[2852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\WINDOWS\system32\hkcmd.exe[2852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\WINDOWS\system32\hkcmd.exe[2852] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\hkcmd.exe[2852] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\hkcmd.exe[2852] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\hkcmd.exe[2852] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\hkcmd.exe[2852] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\hkcmd.exe[2852] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\igfxpers.exe[2860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\igfxpers.exe[2860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\WINDOWS\system32\igfxpers.exe[2860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\WINDOWS\system32\igfxpers.exe[2860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\WINDOWS\system32\igfxpers.exe[2860] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\igfxpers.exe[2860] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxpers.exe[2860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxpers.exe[2860] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\igfxpers.exe[2860] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxpers.exe[2860] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\iTunes\iTunesHelper.exe[2872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\iTunes\iTunesHelper.exe[2872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\iTunes\iTunesHelper.exe[2872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\iTunes\iTunesHelper.exe[2872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\iTunes\iTunesHelper.exe[2872] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\iTunes\iTunesHelper.exe[2872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\iTunes\iTunesHelper.exe[2872] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\iTunes\iTunesHelper.exe[2872] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\iTunes\iTunesHelper.exe[2872] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\iTunes\iTunesHelper.exe[2872] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2896] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2896] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2896] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2896] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2896] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\ctfmon.exe[2960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00084FE8
IAT C:\WINDOWS\system32\ctfmon.exe[2960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00084F34
IAT C:\WINDOWS\system32\ctfmon.exe[2960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00084ECF
IAT C:\WINDOWS\system32\ctfmon.exe[2960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00084E9D
IAT C:\WINDOWS\system32\ctfmon.exe[2960] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000852A1
IAT C:\WINDOWS\system32\ctfmon.exe[2960] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00085556
IAT C:\WINDOWS\system32\ctfmon.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00085556
IAT C:\WINDOWS\system32\ctfmon.exe[2960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 000852A1
IAT C:\WINDOWS\system32\ctfmon.exe[2960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00085556
IAT C:\WINDOWS\system32\ctfmon.exe[2960] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00084FE8
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2976] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Sprint music manager\MEMonitor.exe[3048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\Sprint music manager\MEMonitor.exe[3048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\Sprint music manager\MEMonitor.exe[3048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\Sprint music manager\MEMonitor.exe[3048] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\Sprint music manager\MEMonitor.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Sprint music manager\MEMonitor.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Sprint music manager\MEMonitor.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Sprint music manager\MEMonitor.exe[3048] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\Sprint music manager\MEMonitor.exe[3048] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\Sprint music manager\MEMonitor.exe[3048] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\System32\alg.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\System32\alg.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\System32\alg.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\System32\alg.exe[3084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\System32\alg.exe[3084] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\System32\alg.exe[3084] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\System32\alg.exe[3084] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\System32\alg.exe[3084] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\System32\alg.exe[3084] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\System32\alg.exe[3084] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3132] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[3132] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\igfxsrvc.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\igfxsrvc.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\WINDOWS\system32\igfxsrvc.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\WINDOWS\system32\igfxsrvc.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\WINDOWS\system32\igfxsrvc.exe[3140] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\igfxsrvc.exe[3140] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxsrvc.exe[3140] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxsrvc.exe[3140] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\WINDOWS\system32\igfxsrvc.exe[3140] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\WINDOWS\system32\igfxsrvc.exe[3140] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3372] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[3404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\Program Files\Internet Explorer\Iexplore.exe[3408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00144FE8
IAT C:\Program Files\Internet Explorer\Iexplore.exe[3408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00144F34
IAT C:\Program Files\Internet Explorer\Iexplore.exe[3408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00144ECF
IAT C:\Program Files\Internet Explorer\Iexplore.exe[3408] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00144E9D
IAT C:\Program Files\Internet Explorer\Iexplore.exe[3408] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\Internet Explorer\Iexplore.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\Internet Explorer\Iexplore.exe[3408] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001452A1
IAT C:\Program Files\Internet Explorer\Iexplore.exe[3408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001452A1
IAT C:\Program Files\Internet Explorer\Iexplore.exe[3408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\Internet Explorer\Iexplore.exe[3408] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00144FE8
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[3456] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\Program Files\iPod\bin\iPodService.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\iPod\bin\iPodService.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\iPod\bin\iPodService.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\iPod\bin\iPodService.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\iPod\bin\iPodService.exe[3580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\iPod\bin\iPodService.exe[3580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\iPod\bin\iPodService.exe[3580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\iPod\bin\iPodService.exe[3580] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\iPod\bin\iPodService.exe[3580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\iPod\bin\iPodService.exe[3580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\System32\svchost.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\System32\svchost.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\System32\svchost.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\System32\svchost.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\System32\svchost.exe[3844] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\System32\svchost.exe[3844] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\System32\svchost.exe[3844] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\System32\svchost.exe[3844] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\System32\svchost.exe[3844] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\System32\svchost.exe[3844] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\dllhost.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\dllhost.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\system32\dllhost.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\system32\dllhost.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\system32\dllhost.exe[3912] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\dllhost.exe[3912] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\dllhost.exe[3912] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\dllhost.exe[3912] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\dllhost.exe[3912] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\dllhost.exe[3912] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\Program Files\AVG\AVG8\avgscanx.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\AVG\AVG8\avgscanx.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\AVG\AVG8\avgscanx.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\AVG\AVG8\avgscanx.exe[3996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\AVG\AVG8\avgscanx.exe[3996] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgscanx.exe[3996] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\AVG\AVG8\avgscanx.exe[3996] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgscanx.exe[3996] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\AVG\AVG8\avgscanx.exe[3996] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgscanx.exe[3996] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\PROGRA~1\AVG\AVG8\avgnsx.exe[5100] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00144FE8
IAT C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00144F34
IAT C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00144ECF
IAT C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00144E9D
IAT C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001452A1
IAT C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001452A1
IAT C:\Program Files\AVG\AVG8\aAvgApi.exe[5784] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00144FE8
IAT C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00144FE8
IAT C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00144F34
IAT C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00144ECF
IAT C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00144E9D
IAT C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001452A1
IAT C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001452A1
IAT C:\Program Files\Apple Software Update\SoftwareUpdate.exe[5888] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00144FE8
IAT C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe[6536] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00134F34
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134ECF
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134E9D
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134FE8
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135556
IAT C:\Program Files\AVG\AVG8\avgcsrvx.exe[8084] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001352A1
IAT C:\WINDOWS\system32\drwtsn32.exe[8668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\drwtsn32.exe[8668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\system32\drwtsn32.exe[8668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\system32\drwtsn32.exe[8668] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\system32\drwtsn32.exe[8668] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\drwtsn32.exe[8668] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\drwtsn32.exe[8668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\drwtsn32.exe[8668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\drwtsn32.exe[8668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\drwtsn32.exe[8668] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\Program Files\Internet Explorer\Iexplore.exe[9596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00144FE8
IAT C:\Program Files\Internet Explorer\Iexplore.exe[9596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00144F34
IAT C:\Program Files\Internet Explorer\Iexplore.exe[9596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00144ECF
IAT C:\Program Files\Internet Explorer\Iexplore.exe[9596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00144E9D
IAT C:\Program Files\Internet Explorer\Iexplore.exe[9596] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\Internet Explorer\Iexplore.exe[9596] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\Internet Explorer\Iexplore.exe[9596] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001452A1
IAT C:\Program Files\Internet Explorer\Iexplore.exe[9596] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001452A1
IAT C:\Program Files\Internet Explorer\Iexplore.exe[9596] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145556
IAT C:\Program Files\Internet Explorer\Iexplore.exe[9596] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00144FE8
IAT C:\WINDOWS\system32\drwtsn32.exe[10016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8
IAT C:\WINDOWS\system32\drwtsn32.exe[10016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00404F34
IAT C:\WINDOWS\system32\drwtsn32.exe[10016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00404ECF
IAT C:\WINDOWS\system32\drwtsn32.exe[10016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00404E9D
IAT C:\WINDOWS\system32\drwtsn32.exe[10016] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\drwtsn32.exe[10016] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\drwtsn32.exe[10016] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\drwtsn32.exe[10016] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004052A1
IAT C:\WINDOWS\system32\drwtsn32.exe[10016] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405556
IAT C:\WINDOWS\system32\drwtsn32.exe[10016] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00404FE8

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\UACwsnodrub.sys (*** hidden *** ) AAF8D000-AAFA0000 (77824 bytes)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\eHome\ehSched.exe [124] 0x00630000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [340] 0x00740000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [396] 0x00750000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\eHome\ehRecvr.exe [476] 0x00650000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [536] 0x00720000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [568] 0x009B0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [676] 0x00730000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [720] 0x00720000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [808] 0x00660000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [852] 0x00660000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [876] 0x00730000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1148] 0x00700000
Library \\?\globalroot\systemroot\system32\UACadmlkyac.dll (*** hidden *** ) @ C:\WINDOWS\TEMP\7FC.tmp [1156] 0x007E0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1188] 0x00700000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1232] 0x00700000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [1320] 0x00720000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [1396] 0x007E0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [1452] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgrsx.exe [1504] 0x00770000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1564] 0x00AD0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1580] 0x00C30000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [1608] 0x00CC0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1712] 0x00700000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1780] 0x00700000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\AVG\AVG8\avgcsrvx.exe [1872] 0x007A0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgemc.exe [2032] 0x007F0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\ehome\mcrdsvc.exe [2096] 0x00640000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Canon\CAL\CALMAIN.exe [2316] 0x006F0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\AVG\AVG8\avgcsrvx.exe [2388] 0x007A0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\ehome\ehtray.exe [2780] 0x00AD0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2792] 0x00AD0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2828] 0x00AB0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\hkcmd.exe [2852] 0x00990000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\igfxpers.exe [2860] 0x00970000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [2872] 0x00BF0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [2896] 0x00BF0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [2960] 0x009C0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2976] 0x00BB0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Sprint music manager\MEMonitor.exe [3048] 0x00B20000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3084] 0x00730000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\unsecapp.exe [3132] 0x00B70000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\igfxsrvc.exe [3140] 0x00980000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe [3372] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiprvse.exe [3404] 0x00850000
Library \\?\globalroot\systemroot\system32\UACadmlkyac.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3408] 0x00BA0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\PROGRA~1\MICROS~4\rapimgr.exe [3456] 0x009E0000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\iPod\bin\iPodService.exe [3580] 0x00770000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3844] 0x00720000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\WINDOWS\system32\dllhost.exe [3912] 0x00730000
Library \\?\globalroot\systemroot\system32\UACadmlkyac.dll (*** hidden *** ) @ C:\Program Files\AVG\AVG8\avgscanx.exe [3996] 0x008B0000
Library \\?\globalroot\systemroot\system32\UACadmlkyac.dll (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG8\avgnsx.exe [5100] 0x00890000
Library \\?\globalroot\systemroot\system32\UACadmlkyac.dll (*** hidden *** ) @ C:\Program Files\AVG\AVG8\aAvgApi.exe [5784] 0x00D50000
Library \\?\globalroot\systemroot\system32\UACdaylvyqm.dll (*** hidden *** ) @ C:\Program Files\Apple Software Update\SoftwareUpdate.exe [5888] 0x00D20000
Library \\?\globalroot\systemroot\system32\UACadmlkyac.dll (*** hidden *** ) @ C:\Documents and Settings\Rachele Stifle\Desktop\gogabbago\gogabba.exe [6536] 0x00B20000
Library \\?\globalroot\systemroot\system32\UACadmlkyac.dll (*** hidden *** ) @ C:\Program Files\AVG\AVG8\avgcsrvx.exe [8084] 0x008A0000
Library \\?\globalroot\systemroot\system32\UACadmlkyac.dll (*** hidden *** ) @ C:\WINDOWS\system32\drwtsn32.exe [8668] 0x00BB0000
Library \\?\globalroot\systemroot\system32\UACadmlkyac.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [9596] 0x00BA0000
Library \\?\globalroot\systemroot\system32\UACadmlkyac.dll (*** hidden *** ) @ C:\WINDOWS\system32\drwtsn32.exe [10016] 0x00BB0000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACwsnodrub.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwsnodrub.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwsnodrub.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACsxviekio.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACevrnpxwb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACpfmltgea.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACswwblvnk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACdaylvyqm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACoijkqtir.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACpdqjdkrj.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACxdbyekfm.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACadmlkyac.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACwsnodrub.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACwsnodrub.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACsxviekio.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACevrnpxwb.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACpfmltgea.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACswwblvnk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACdaylvyqm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACoijkqtir.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACpdqjdkrj.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACxdbyekfm.log

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Rachele Stifle\Local Settings\Temp\UAC3766.tmp 343040 bytes executable
File C:\WINDOWS\system32\drivers\UACwsnodrub.sys 65536 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\twain32 0 bytes
File C:\WINDOWS\system32\twain32\local.ds 81719 bytes
File C:\WINDOWS\system32\twain32\user.ds 0 bytes
File C:\WINDOWS\system32\UACadmlkyac.dll 18944 bytes executable
File C:\WINDOWS\system32\UACdaylvyqm.dll 65536 bytes
File C:\WINDOWS\system32\UACevrnpxwb.dat 127 bytes
File C:\WINDOWS\system32\uacinit.dll 5523 bytes
File C:\WINDOWS\system32\UACoijkqtir.log 161427 bytes
File C:\WINDOWS\system32\UACpfmltgea.dll 27136 bytes executable
File C:\WINDOWS\system32\UACswwblvnk.dll 24576 bytes executable
File C:\WINDOWS\system32\UACsxviekio.dll 31232 bytes executable
File C:\WINDOWS\system32\UACxdbyekfm.log 88 bytes
File C:\WINDOWS\Temp\UAC2a33.tmp 81408 bytes
File C:\WINDOWS\Temp\UAC3042.tmp 81408 bytes
File C:\WINDOWS\Temp\UAC5391.tmp 65536 bytes
File C:\WINDOWS\Temp\UAC5d84.tmp 65536 bytes
File C:\WINDOWS\Temp\UAC7a1d.tmp 81408 bytes
File C:\WINDOWS\Temp\UACbd02.tmp 127 bytes
File C:\WINDOWS\Temp\UACc3b9.tmp 65536 bytes executable
File C:\WINDOWS\Temp\UACc55e.tmp 31232 bytes executable
File C:\WINDOWS\Temp\UACc6d3.tmp 65536 bytes
File C:\WINDOWS\Temp\UACc733.tmp 27136 bytes executable
File C:\WINDOWS\Temp\UACca77.tmp 65536 bytes
File C:\WINDOWS\Temp\UACcec5.tmp 24576 bytes executable
File C:\WINDOWS\Temp\UACdbd4.tmp 81408 bytes

---- EOF - GMER 1.0.15 ----
Thanks, hope this helps!

#6 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 17 March 2009 - 04:01 PM

Hello, nbhooligan69
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click the ComboFix icon on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 nbhooligan69
  • Topic Starter

  • Members
  • 32 posts

Posted 17 March 2009 - 09:44 PM

Sorry Billy,
I didn't mean to break forum policy. Now when I load CF it starts to load, then the "sorry cf experienced a problem and had to close" message appears.
This happens for all programs, and all I meant by system restore is: what can I do to get them (including CF) to work again? Thanks, nbh

#8 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 17 March 2009 - 10:27 PM

No problem.

Please try running CF in Safe Mode and see if that works.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#9 nbhooligan69
  • Topic Starter

  • Members
  • 32 posts

Posted 17 March 2009 - 10:41 PM

How do I get into Safe Mode again? Thanks, Billy

#10 nbhooligan69
  • Topic Starter

  • Members
  • 32 posts

Posted 17 March 2009 - 11:31 PM

Billy,
Forget my last post, I was able to get into Safe Mode, but now when I start to run CF it is warning me that AVG is still enabled, even though I have tried everything to turn it off and even uninstall it. Please direct me how to disable AVG. Otherwise it is warning me that CF can damage my computer if AVG is still enabled, and I don't want to do any more harm than I have already done.
Thanks, NBH

#11 nbhooligan69
  • Topic Starter

  • Members
  • 32 posts

Posted 18 March 2009 - 11:43 AM

Billy,
So I finally had to download CCleaner to remove AVG; it was the only way I could figure out on my own, and I didn't run it for any other programs or files, so I hope this was OK.
I was finally able to get CF to work, and so here is the log.
Combofix.txt
ComboFix 09-03-15.01 - Rachele Stifle 2009-03-18 9:15:11.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.372 [GMT -7:00]
Running from: c:\documents and settings\Rachele Stifle\Desktop\GlobRemover.exe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACwsnodrub.sys
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds
c:\windows\system32\twex.exe
c:\windows\system32\UACadmlkyac.dll
c:\windows\system32\UACdaylvyqm.dll
c:\windows\system32\UACevrnpxwb.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACoijkqtir.log
c:\windows\system32\UACpdqjdkrj.log
c:\windows\system32\UACpfmltgea.dll
c:\windows\system32\UACswwblvnk.dll
c:\windows\system32\UACsxviekio.dll
c:\windows\system32\UACxdbyekfm.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-18 08:54 . 2009-03-18 08:54 <DIR> d-------- c:\program files\CCleaner
2009-03-17 17:15 . 2009-03-17 17:16 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2009-03-09 03:45 . 2009-03-09 16:47 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-09 03:36 . 2009-03-09 03:36 <DIR> d-------- C:\e0f608acf52f63ffb0
2009-03-09 00:38 . 2009-03-09 00:38 0 --a------ c:\windows\system32\AAWService_2009_03_09_00_38_14.dmp
2009-03-09 00:04 . 2009-01-18 14:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-09 00:03 . 2009-03-17 20:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-09 00:03 . 2009-03-18 08:58 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-07 14:50 . 2009-03-08 23:51 <DIR> d-------- c:\documents and settings\Rachele Stifle\Application Data\LimeWire
2009-03-04 12:29 . 2009-03-04 12:30 <DIR> d-------- c:\windows\Downloaded Program Files
2009-03-03 05:13 . 2009-03-03 05:14 <DIR> d-------- c:\program files\DivX
2009-03-03 02:15 . 2009-03-03 10:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\NexonUS
2009-03-03 01:32 . 2009-03-03 01:32 <DIR> d-------- c:\program files\Pando Networks
2009-03-03 01:32 . 2009-03-03 01:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\PMB Files
2009-03-02 19:34 . 2009-03-02 19:34 <DIR> d-------- c:\program files\AVG
2009-03-02 17:16 . 2009-03-02 19:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2009-03-02 17:14 . 2009-03-02 17:14 <DIR> d-------- c:\program files\Common Files\iS3
2009-03-02 17:14 . 2009-03-02 20:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-03-02 15:48 . 2009-03-09 10:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-02 15:35 . 2009-03-02 15:35 75 --a------ c:\windows\st_affiliate.ini
2009-03-02 15:20 . 2009-03-02 15:20 <DIR> d-------- c:\documents and settings\Rachele Stifle\Application Data\Uniblue
2009-03-01 03:09 . 2009-03-01 03:09 14,028 --ah----- c:\windows\system32\mlfcache.dat
2009-03-01 03:05 . 2009-03-01 03:06 <DIR> d-------- c:\program files\Safari
2009-03-01 03:00 . 2009-03-01 03:02 <DIR> d-------- c:\program files\QuickTime
2009-03-01 02:57 . 2009-03-01 02:57 <DIR> d-------- c:\program files\Bonjour
2009-02-27 22:04 . 2009-02-16 17:39 2,736,890 --a------ c:\windows\system32\GameMon.des
2009-02-23 07:09 . 2009-02-23 07:09 <DIR> d-------- c:\program files\Common Files\INCA Shared
2009-02-23 07:09 . 2003-07-17 02:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2009-02-23 07:09 . 2004-12-31 17:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2009-02-21 06:36 . 2009-02-21 06:36 <DIR> d-------- c:\program files\Veetle
2009-02-20 05:29 . 2009-02-20 05:29 <DIR> d--hs---- c:\documents and settings\Rachele Stifle\PrivacIE
2009-02-20 05:28 . 2009-02-20 05:28 <DIR> d--hs---- c:\documents and settings\Rachele Stifle\IETldCache
2009-02-19 22:43 . 2009-02-19 22:43 <DIR> d-------- c:\windows\ie8updates
2009-02-19 22:36 . 2009-02-19 22:39 <DIR> d--h-c--- c:\windows\ie8
2009-02-19 22:30 . 2009-01-10 22:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 15:59 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-09 17:52 --------- d-----w c:\program files\Common Files\SupportSoft
2009-03-09 09:45 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-09 09:21 --------- d-----w c:\program files\Google
2009-03-02 21:32 --------- d-----w c:\program files\Java
2009-03-01 10:07 --------- d-----w c:\documents and settings\Rachele Stifle\Application Data\Apple Computer
2009-02-26 22:54 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-23 05:57 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-20 17:26 --------- d-----w c:\documents and settings\Rachele Stifle\Application Data\AdobeUM
2009-02-18 16:36 --------- d-----w c:\program files\Yahoo!
2009-02-18 16:30 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-18 16:30 --------- d-----w c:\program files\Shockwave.com
2009-02-18 16:27 --------- d-----w c:\program files\Common Files\Apple
2009-02-07 19:07 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2009-02-02 05:45 --------- d-----w c:\documents and settings\Rachele Stifle\Application Data\Gaijin Ent
2008-11-16 22:22 61,224 ----a-w c:\documents and settings\Rachele Stifle\GoToAssistDownloadHelper.exe
2007-09-17 05:04 32 -c--a-r c:\documents and settings\All Users\hash.dat
2008-07-10 02:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008070920080710\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 385024]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-02 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 c:\windows\system32\narrator.exe]

c:\documents and settings\Rachele Stifle\Start Menu\Programs\Startup\
MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2007-12-24 983040]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-11-16 15:22 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-22 22:46 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"58337:TCP"= 58337:TCP:Pando Media Booster
"58337:UDP"= 58337:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-09 64160]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - sfc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2009-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
HKLM-Run-PCMService - c:\program files\Dell\Media Experience\PCMService.exe
HKLM-Run-IntelZeroConfig - c:\program files\Intel\Wireless\bin\ZCfgSvc.exe
HKLM-Run-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe
HKLM-Run-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
FF - ProfilePath - c:\documents and settings\Rachele Stifle\Application Data\Mozilla\Firefox\Profiles\0yk335e5.default\
FF - prefs.js: keyword.URL - data:text/plain,keyword.URL=hxxp://search.yahoo.com/search?fr=yff3u&p=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Rachele Stifle\Application Data\Mozilla\Firefox\Profiles\0yk335e5.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 09:20:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-18 9:26:03 - machine was rebooted [Rachele Stifle]
ComboFix-quarantined-files.txt 2009-03-18 16:24:45

Pre-Run: 23,267,655,680 bytes free
Post-Run: 23,649,849,344 bytes free

227 --- E O F --- 2009-03-14 10:04:23

P.S.
CF warned me of rootkit activity before starting its final scan and had me write down the culprits.
C:\windows\system32\drivers\UACwsnodrub.sys
C:\windows\system32\drivers\UACsxviekio.dll
C:\windows\system32\drivers\UACevrnpxwb.dat
C:\windows\system32\drivers\UACpfmltgea.dll
C:\windows\system32\drivers\UACswwblvnk.dll
C:\windows\system32\drivers\UACdaylvyqm.dll
C:\windows\system32\drivers\UACoijkqtir.log
C:\windows\system32\drivers\UACpdqjdkrj.log
C:\windows\system32\drivers\UACxdbyekfm.log
C:\windows\system32\drivers\UACadmlkyac.dll
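
The ComboFix dump above records three weakened settings (Security Center antivirus and update warnings silenced, Windows Firewall off) alongside randomly named UAC* files in the drivers folder. As an added example, not part of this thread or of ComboFix itself, here is a small Python checker that flags those patterns in ComboFix-style log lines; the sample lines are constructed from the log above, and treating "UAC" plus eight random letters as the file-name pattern is an assumption.

```python
import re

# Constructed sample: a few lines copied from the ComboFix registry dump
# and the P.S. file list above, cut down to the lines the audit cares about.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

C:\windows\system32\drivers\UACwsnodrub.sys
C:\windows\system32\drivers\UACsxviekio.dll
C:\windows\system32\drivers\Lbd.sys
""".strip().splitlines()

# (key fragment, value name, value) triples that weaken the XP security
# posture: the first two silence Security Center warnings, the third turns
# the Windows Firewall off for the standard profile.
WEAK_SETTINGS = (
    ("security center", "antivirusdisablenotify", "dword:00000001"),
    ("security center", "updatesdisablenotify", "dword:00000001"),
    (r"firewallpolicy\standardprofile", "enablefirewall", "0"),
)

KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"([^"]+)"\s*=\s*(\S+)')
# Assumption: "UAC" + eight random lower-case letters + one of these
# extensions, the naming pattern of every file ComboFix flagged above.
UAC_FILE = re.compile(r"\b(UAC[a-z]{8}\.(?:sys|dll|dat|log))\b")


def audit_combofix_log(lines):
    """Return human-readable findings for weak settings and UAC* file names."""
    findings = []
    current_key = ""
    for raw in lines:
        line = raw.strip()
        key = KEY_LINE.match(line)
        if key:
            # Registry section header: remember it for the value lines below.
            current_key = key.group(1).lower()
            continue
        val = VALUE_LINE.match(line)
        if val:
            name, value = val.group(1).lower(), val.group(2)
            for key_frag, val_name, bad in WEAK_SETTINGS:
                if key_frag in current_key and name == val_name and value == bad:
                    findings.append(f"weak setting: {val.group(1)}={value} under [{current_key}]")
        for hit in UAC_FILE.findall(line):
            findings.append(f"suspicious file: {hit}")
    return findings


if __name__ == "__main__":
    for finding in audit_combofix_log(SAMPLE_LOG):
        print(finding)
```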

#12 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 18 March 2009 - 07:02 PM

Hello, nbhooligan69
Lookin better :thumbup2: Are you still being redirected?

I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use <Control>+A)
  • Right-click again and choose "Copy" (or <Control>+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following mirrors:
  • Close any and all open programs, as this process may crash your computer.
  • Unzip the downloaded file to your desktop.
  • Double click Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.
In your next reply, please include the following:
  • ESET OnlineScan's Log
  • GMER's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#13 nbhooligan69
  • Topic Starter
  • Members
  • 32 posts

Posted 19 March 2009 - 03:34 PM

Billy,
So far as I know I am not being redirected, but IE in normal XP mode will load my homepage and then crash, saying "sorry for the inconvenience, internet explorer had to close due to a problem", so I had to run ESET Onlinescan in safe mode. Also, I am currently able to use Firefox in normal XP mode but have experienced crashes at random times during use, with the same "sorry for the inconvenience" message, but then was able to run it again minutes later with no problems for the time being.
ESET Onlinescan's Log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3949 (20090319)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=799f994c9d673e409ee1bd7902ba0327
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-19 08:21:23
# local_time=2009-03-19 01:21:23 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=210715
# found=7
# scan_time=2197
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACadmlkyac.dll.vir Win32/Olmarik.GJ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACdaylvyqm.dll.vir Win32/Olmarik.GJ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpfmltgea.dll.vir Win32/Olmarik.FT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACswwblvnk.dll.vir Win32/Olmarik.FT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACsxviekio.dll.vir Win32/Olmarik.FT trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACwsnodrub_.sys.zip Win32/Olmarik.FT trojan (deleted) 00000000000000000000000000000000
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_UACwsnodrub_.sys.zip »ZIP »UACwsnodrub.sys Win32/Olmarik.FT trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

#14 nbhooligan69
  • Topic Starter
  • Members
  • 32 posts

Posted 19 March 2009 - 04:49 PM

Billy,

GMER's Log

GMER 1.0.15.14939 - http://www.gmer.net
Rootkit scan 2009-03-19 14:46:43
Windows 5.1.2600 Service Pack 3


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----

#15 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 19 March 2009 - 10:29 PM

Hello, nbhooligan69
Congratulations! You now appear clean! :thumbup2:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
We Need to Remove ComboFix
  • Please go to Start -> Run
  • Enter "ComboFix /u" (without quotes). Note the space between "ComboFix" and "/u", it needs to be there.
  • Press OK (Or hit enter).
  • Allow ComboFix to remove itself.
We Need to Clean Up Our Mess
  • Please download OTCleanIt from one of the following mirrors and save it to your desktop:
  • Double click the Posted Image icon.
  • Push the large "Cleanup" button.
  • Allow your system to reboot.
Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

    If you are using Windows Vista
    • Click the "Start Menu" (or Windows Orb)
    • Click "All Programs"
    • Click "Windows Update"
    • On the left, choose "Change Settings"
    • Ensure that the checkbox "Use Microsoft Update" at the bottom of the window is checked.
    • Press OK and accept the UAC prompt.
      Note: You shouldn't need to check this checkbox every single time you update, only the first time.
    • Click "Check for Updates" in the upper left corner.
    • Follow the instructions to install the latest updates.
    • Reboot and repeat the "Check for Updates" until there are no more critical updates to install
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)