Malware Infection


24 replies to this topic

#1 yoongoo

Posted 11 June 2009 - 09:44 PM

First of all, my computer will not let me open my C drive in "My Computer". A message that states "Windows cannot find 'RECYCLER\S-5-9-69-100030072-10031414-100004314-9941.com'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start Button, and then click Search." comes up when I double click on my C drive. The only way I can access the C drive is through Search.

Another problem I am having is that some programs fail to open. I downloaded Malwarebytes' Anti-Malware and installed it. However, when I try to open it, nothing happens.

Lastly, Google redirects me to different sites that I wasn't interested in. It only redirects me when I try to solve my malware problems, such as going to help sites like this one, and sometimes randomly redirects me to other sites. I think the malware is trying to prevent me from solving the problem.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Simon at 19:27:39.82 on Thu 06/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.308 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\SYSTEM32\rundll32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Simon\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twext.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\simon\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Aim6]
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\common files\logishrd\lcommgr\LVComSX.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Sigmatel] RegSvr32 /s stacapi.dll
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244003990230
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244017315640
TCP: NameServer = 85.255.112.140,85.255.112.132
TCP: {AAAC6489-CB64-4DC0-A7AD-5C797729071D} = 85.255.112.140,85.255.112.132
TCP: {CCA1A33C-425C-4CFF-B07F-A6815EEC0AB4} = 85.255.112.140,85.255.112.132
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\31sem27o.default\
FF - prefs.js: browser.startup.homepage - hxxp://gmail.com/
FF - plugin: c:\documents and settings\simon\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-6 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-6 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-6 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-6 55640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-3 24652]

=============== Created Last 30 ================

2009-06-11 19:07 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 19:07 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-11 19:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 19:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-11 19:03 405,504 a------- c:\windows\stsystra.exe
2009-06-11 19:03 4,952,064 a------- c:\windows\system32\stacgui.cpl
2009-06-11 19:03 1,601,536 a------- c:\windows\system32\stlang.dll
2009-06-11 17:51 270,336 a------- c:\windows\system32\stacapi.dll
2009-06-11 17:38 <DIR> --d----- c:\program files\Creative
2009-06-11 11:18 67,584 a------- c:\windows\system32\1E1.tmp
2009-06-11 11:18 82,432 ac------ c:\windows\system32\dllcache\ws2_32.dll
2009-06-10 21:20 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-10 21:20 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-10 19:47 <DIR> --d----- c:\program files\uTorrent
2009-06-10 00:44 <DIR> --d----- c:\program files\iPod
2009-06-10 00:44 <DIR> --d----- c:\program files\iTunes
2009-06-08 11:27 28 a------- c:\windows\ODBC.INI
2009-06-06 04:56 <DIR> --d----- c:\program files\CCleaner
2009-06-06 04:52 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-06 04:52 <DIR> --d----- c:\program files\Avira
2009-06-06 04:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-06 03:52 <DIR> --d----- c:\program files\common files\AhnLab
2009-06-04 20:14 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-06-04 12:10 352 ---shr-- C:\autorun.inf
2009-06-04 02:48 129,824 a------- c:\windows\system32\drivers\lcoinst.dll
2009-06-04 02:48 50,127 a------- c:\windows\system32\drivers\lcoinst.ini
2009-06-04 02:47 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-06-04 02:47 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-06-04 02:47 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-04 02:46 1,419,024 a------- c:\windows\system32\WdfCoInstaller01005.dll
2009-06-04 02:46 56,080 a------- c:\windows\KHALMNPR.Exe
2009-06-04 02:46 36,112 a------- c:\windows\system32\drivers\LMouFilt.Sys
2009-06-04 02:46 34,832 a------- c:\windows\system32\drivers\LHidFilt.Sys
2009-06-04 02:46 28,688 a------- c:\windows\system32\drivers\LUsbFilt.sys
2009-06-04 02:46 163,840 a------- c:\windows\system32\kemutb.dll
2009-06-04 02:46 135,168 a------- c:\windows\system32\KemUtil.dll
2009-06-04 02:46 110,592 a------- c:\windows\system32\KemWnd.dll
2009-06-04 02:46 69,632 a------- c:\windows\system32\KemXML.dll
2009-06-04 02:46 <DIR> --d----- c:\program files\common files\Logitech
2009-06-04 02:11 <DIR> --d----- c:\docume~1\simon\applic~1\GetRightToGo
2009-06-03 12:32 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-03 12:32 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-03 12:32 198,656 a------- c:\windows\system32\CNMLM83.DLL
2009-06-03 12:17 3,255 a------- c:\windows\system32\wbem\Outlook_01c9e47fe5d29032.mof
2009-06-03 12:10 268,648 a------- c:\windows\system32\mucltui.dll
2009-06-03 12:10 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-06-03 03:42 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-06-03 03:42 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-03 03:42 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-06-03 03:42 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-06-03 03:42 60,032 ac------ c:\windows\system32\dllcache\usbaudio.sys
2009-06-03 03:42 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-06-03 03:42 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-06-03 03:42 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-06-03 03:36 32,128 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-06-03 03:36 32,128 a------- c:\windows\system32\drivers\usbccgp.sys
2009-06-03 02:00 <DIR> --d----- c:\program files\VideoLAN
2009-06-03 01:56 <DIR> --d----- c:\docume~1\simon\applic~1\uTorrent
2009-06-03 01:27 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-06-03 01:14 <DIR> --d----- c:\windows\pss
2009-06-03 01:05 <DIR> --d----- c:\windows\system32\XPSViewer
2009-06-03 01:04 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-06-03 01:04 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-03 01:04 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-03 01:04 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-03 01:04 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-06-03 01:04 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-06-03 01:04 117,760 -------- c:\windows\system32\prntvpt.dll
2009-06-03 01:00 <DIR> --d----- c:\windows\RegisteredPackages
2009-06-03 00:55 <DIR> --d----- c:\windows\system32\URTTemp
2009-06-03 00:49 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-06-03 00:49 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-03 00:47 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-03 00:47 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-03 00:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-03 00:47 <DIR> --d----- c:\program files\Bonjour
2009-06-03 00:46 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-06-03 00:45 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 00:45 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-03 00:43 <DIR> --d----- c:\windows\system32\appmgmt
2009-06-03 00:39 32,656 a------- c:\windows\system32\msonpmon.dll
2009-06-03 00:34 <DIR> --d----- c:\windows\SHELLNEW
2009-06-03 00:28 <DIR> --d----- c:\program files\Viewpoint
2009-06-03 00:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-06-03 00:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-06-03 00:28 <DIR> --d----- c:\program files\common files\AOL
2009-06-03 00:28 <DIR> --d----- c:\program files\AIM6
2009-06-03 00:28 358 a---h--- C:\IPH.PH
2009-06-03 00:16 <DIR> --d----- c:\program files\Dell
2009-06-03 00:04 <DIR> --d----- c:\program files\CONEXANT
2009-06-03 00:03 <DIR> --dsh--- c:\documents and settings\simon\IECompatCache
2009-06-03 00:01 <DIR> --dsh--- c:\documents and settings\simon\PrivacIE
2009-06-03 00:00 <DIR> --dsh--- c:\documents and settings\simon\IETldCache
2009-06-02 23:59 <DIR> --d----- c:\windows\ie8updates
2009-06-02 23:59 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-02 23:57 <DIR> -cd-h--- c:\windows\ie8
2009-06-02 23:16 <DIR> --d----- c:\windows\system32\scripting
2009-06-02 23:16 <DIR> --d----- c:\windows\system32\en
2009-06-02 23:16 <DIR> --d----- c:\windows\system32\bits
2009-06-02 23:16 <DIR> --d----- c:\windows\l2schemas
2009-06-02 23:15 <DIR> --d----- c:\windows\ServicePackFiles
2009-06-02 23:12 <DIR> --d----- c:\windows\network diagnostic
2009-06-02 23:02 172,032 a------- c:\windows\system32\igfxres.dll
2009-06-02 22:55 <DIR> --d----- C:\7ea779268559e80565424209dc7c91
2009-06-02 22:25 144,384 -------- c:\windows\system32\onex.dll
2009-06-02 22:24 136,192 -------- c:\windows\system32\aaclient.dll
2009-06-02 22:24 44,928 -------- c:\windows\system32\drivers\agpcpq.sys
2009-06-02 22:24 42,368 -------- c:\windows\system32\drivers\agp440.sys
2009-06-02 22:24 4,255 -------- c:\windows\system32\drivers\adv01nt5.dll
2009-06-02 22:24 3,967 -------- c:\windows\system32\drivers\adv02nt5.dll
2009-06-02 22:24 3,775 -------- c:\windows\system32\drivers\adv11nt5.dll
2009-06-02 22:24 3,711 -------- c:\windows\system32\drivers\adv09nt5.dll
2009-06-02 22:24 3,647 -------- c:\windows\system32\drivers\adv07nt5.dll
2009-06-02 22:24 3,615 -------- c:\windows\system32\drivers\adv05nt5.dll
2009-06-02 22:24 3,135 -------- c:\windows\system32\drivers\adv08nt5.dll
2009-06-02 22:04 13,588 a------- c:\windows\system32\wpa.bak
2009-06-02 21:48 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-06-02 21:48 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-02 21:47 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-06-02 21:47 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-06-02 21:46 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-06-02 21:46 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-02 21:46 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-02 21:42 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-06-02 21:42 <DIR> --d----- c:\windows\system32\PreInstall
2009-06-02 21:39 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-02 21:37 <DIR> --dsh--- c:\documents and settings\simon\UserData
2009-06-02 21:37 45,568 a----r-- c:\windows\system32\drivers\bcm4sbxp.sys
2009-06-02 21:31 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-06-02 21:31 191,872 a------- c:\windows\system32\drivers\SynTP.sys
2009-06-02 21:31 114,688 a------- c:\windows\system32\SynCtrl.dll
2009-06-02 21:31 94,299 a------- c:\windows\system32\SynTPAPI.dll
2009-06-02 21:31 82,014 a------- c:\windows\system32\SynCOM.dll
2009-06-02 21:31 81,920 a------- c:\windows\system32\SynTPCo2.dll
2009-06-02 21:31 69,723 a------- c:\windows\system32\SynTPFcs.dll
2009-06-02 21:31 <DIR> --d----- c:\program files\Synaptics
2009-06-02 21:29 1,222,840 a------- c:\windows\system32\drivers\sthda.sys
2009-06-02 21:29 146,944 a------- c:\windows\system32\st325602.dll
2009-06-02 21:29 <DIR> --d----- c:\program files\SigmaTel
2009-06-02 21:28 <DIR> --d----- c:\program files\Broadcom
2009-06-02 21:27 <DIR> --d----- c:\windows\Downloaded Installations
2009-06-02 21:09 <DIR> --d----- C:\dell
2009-06-02 20:43 <DIR> --d----- c:\documents and settings\Simon
2009-06-02 20:41 <DIR> --ds---- c:\windows\system32\Microsoft
2009-06-02 20:41 8,192 a------- c:\windows\REGLOCS.OLD
2009-06-02 20:40 73,728 ac------ c:\windows\system32\dllcache\ehresja.dll
2009-06-02 20:40 69,632 ac------ c:\windows\system32\dllcache\ehresko.dll
2009-06-02 20:40 69,632 ac------ c:\windows\system32\dllcache\ehresfr.dll
2009-06-02 20:40 69,632 ac------ c:\windows\system32\dllcache\ehresde.dll
2009-06-02 20:40 61,440 ac------ c:\windows\system32\dllcache\ehreschs.dll
2009-06-02 20:38 22,016 ac------ c:\windows\system32\dllcache\logscrpt.dll
2009-06-02 20:37 <DIR> --d----- c:\windows\system32\xircom
2009-06-02 20:35 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-06-02 20:35 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-06-02 20:35 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-06-02 20:35 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-06-02 20:35 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-06-02 20:35 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-06-02 20:35 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-06-02 20:35 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-06-02 20:35 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-06-02 20:35 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-06-02 20:35 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-06-02 20:35 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-06-02 20:35 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-06-02 20:35 <DIR> --d----- c:\windows\system32\DirectX
2009-06-02 20:34 <DIR> --d----- c:\program files\common files\MSSoap
2009-06-02 20:31 <DIR> --d----- c:\program files\Windows Plus
2009-06-02 20:29 <DIR> --d----- c:\program files\Messenger
2009-06-02 20:29 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-06-02 20:28 <DIR> --d----- c:\program files\Windows NT
2009-06-02 13:22 <DIR> --d----- c:\program files\common files\ODBC
2009-06-02 13:22 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-06-02 13:20 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-06-03 01:02 86,811 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-02 20:32 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-01 11:30 3,366,912 a------- c:\windows\system32\GPhotos.scr

============= FINISH: 19:29:35.59 ===============


#2 Buckeye_Sam
    Malware Expert


Posted 12 June 2009 - 10:54 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 yoongoo

  • Topic Starter

Posted 16 June 2009 - 03:15 PM

Hi Sam,

Hello, my name is Simon. Sorry for the delayed response, and I thank you for helping me. So far I still have the same problems, but I also encountered some others. When I try to download programs, my Firefox immediately turns off. I mean that Firefox just exits itself. But I am able to download the programs given in your post, which is good. The OTL and the OTL are in the attached files because they were big. The GMER results are pasted below.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-16 13:06:53
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 868BAD16 ZwEnumerateKey
Code 868B9EAE ZwFlushInstructionCache
Code 8684108D IofCallDriver
Code 8682AD05 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 86841092
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8682AD0A
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 868B9EB2
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 868BAD1A

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[156] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\spoolsv.exe[156] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\System32\alg.exe[324] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\System32\alg.exe[324] C:\WINDOWS\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\Explorer.EXE[468] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\Explorer.EXE[468] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[532] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\svchost.exe[532] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[532] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003F000A
.text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\winlogon.exe[856] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\winlogon.exe[856] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\winlogon.exe[856] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\services.exe[904] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\services.exe[904] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\services.exe[904] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\lsass.exe[916] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\lsass.exe[916] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\igfxsrvc.exe[972] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003F000A
.text C:\WINDOWS\system32\igfxsrvc.exe[972] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\igfxsrvc.exe[972] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003F000A
.text C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[1116] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1116] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[1220] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1220] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 19, 00] {SUB [EAX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 19, 00] {SUB [EBX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 19, 00]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 19, 00] {TEST AL, 0x1; SBB [EAX], EAX}
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EF1A
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 19, 00] {TEST AL, 0x2; SBB [EAX], EAX}
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 19, 00]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 19, 00]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EF8B
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 19, 00] {TEST AL, 0x0; SBB [EAX], EAX}
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F0B9
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 19, 00] {SUB [ECX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 19, 00] {SUB [EDX], AL; SBB [EAX], EAX}
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 19, 00]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A8000A
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\System32\svchost.exe[1396] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\System32\svchost.exe[1396] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\ehome\ehtray.exe[1456] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A3000A
.text C:\WINDOWS\ehome\ehtray.exe[1456] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\ehome\ehtray.exe[1456] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\iTunes\iTunesHelper.exe[1468] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\iTunes\iTunesHelper.exe[1468] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08A4000A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[1516] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1516] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\hkcmd.exe[1536] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 089F000A
.text C:\WINDOWS\system32\hkcmd.exe[1536] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\hkcmd.exe[1536] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\igfxpers.exe[1540] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003F000A
.text C:\WINDOWS\system32\igfxpers.exe[1540] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\igfxpers.exe[1540] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\WLTRAY.exe[1552] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B2000A
.text C:\WINDOWS\system32\WLTRAY.exe[1552] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\WLTRAY.exe[1552] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1592] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D0000A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1592] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1592] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1616] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1616] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1616] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[1628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009B000A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[1628] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[1628] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1660] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AE000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1660] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1660] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[1700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009F000A
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[1700] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[1700] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\ctfmon.exe[1708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0893000A
.text C:\WINDOWS\system32\ctfmon.exe[1708] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\ctfmon.exe[1708] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[1720] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003F000A
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[1720] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[1720] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[1744] c:\windows\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[1744] c:\windows\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1816] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 089E000A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1816] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1816] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1832] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1832] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\notepad.exe[1908] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0091000A
.text C:\WINDOWS\notepad.exe[1908] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\notepad.exe[1908] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1932] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AC000A
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[1932] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Logitech\SetPoint\SetPoint.exe[1932] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1976] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003C000A
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1976] C:\WINDOWS\System32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\System32\WLTRYSVC.EXE[1976] C:\WINDOWS\System32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\System32\bcmwltry.exe[1992] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D3000A
.text C:\WINDOWS\System32\bcmwltry.exe[1992] C:\WINDOWS\System32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\System32\bcmwltry.exe[1992] C:\WINDOWS\System32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Documents and Settings\Simon\Desktop\gmer\gmer.exe[2016] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003F000A
.text C:\Documents and Settings\Simon\Desktop\gmer\gmer.exe[2016] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Documents and Settings\Simon\Desktop\gmer\gmer.exe[2016] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Bonjour\mDNSResponder.exe[2060] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\eHome\ehRecvr.exe[2112] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003F000A
.text C:\WINDOWS\eHome\ehRecvr.exe[2112] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\eHome\ehRecvr.exe[2112] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\eHome\ehSched.exe[2164] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\eHome\ehSched.exe[2164] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2396] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 010D000A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2396] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044A801 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2396] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Spyware Doctor\pctsSvc.exe[2396] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[2624] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[2624] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\svchost.exe[2804] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0070000A
.text C:\WINDOWS\system32\svchost.exe[2804] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\svchost.exe[2804] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3024] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\ehome\mcrdsvc.exe[3024] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\iTunes\iTunes.exe[3108] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\iTunes\iTunes.exe[3108] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3580] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 024A000A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3580] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044A815 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3580] C:\WINDOWS\system32\WS2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Spyware Doctor\pctsTray.exe[3580] C:\WINDOWS\system32\WS2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0075000A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\Spyware Doctor\pctsAuxs.exe[3664] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Program Files\iPod\bin\iPodService.exe[3684] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 003F000A
.text C:\Program Files\iPod\bin\iPodService.exe[3684] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Program Files\iPod\bin\iPodService.exe[3684] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\notepad.exe[3708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0091000A
.text C:\WINDOWS\notepad.exe[3708] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\notepad.exe[3708] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0137000A
.text C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]
.text C:\WINDOWS\system32\dllhost.exe[3888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0069000A
.text C:\WINDOWS\system32\dllhost.exe[3888] C:\WINDOWS\system32\ws2_32.dll section is writeable [0x71AB1000, 0x12153, 0xE0000040]
.data C:\WINDOWS\system32\dllhost.exe[3888] C:\WINDOWS\system32\ws2_32.dll entry point in ".data" section [0x71AC41A1]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 010E5297
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 010E5229
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 010E51EB
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 010E51B8
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 010E5297
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 010E588A
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 010E55A9
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 010E588A
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 010E55A9
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[288] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 010E588A
IAT C:\WINDOWS\System32\alg.exe[324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\WINDOWS\System32\alg.exe[324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405229
IAT C:\WINDOWS\System32\alg.exe[324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004051EB
IAT C:\WINDOWS\System32\alg.exe[324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051B8
IAT C:\WINDOWS\System32\alg.exe[324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\System32\alg.exe[324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\System32\alg.exe[324] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\WINDOWS\System32\alg.exe[324] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\System32\alg.exe[324] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\System32\alg.exe[324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\Explorer.EXE[468] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 018A588A
IAT C:\WINDOWS\Explorer.EXE[468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 018A5297
IAT C:\WINDOWS\Explorer.EXE[468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 018A5229
IAT C:\WINDOWS\Explorer.EXE[468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 018A51EB
IAT C:\WINDOWS\Explorer.EXE[468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 018A51B8
IAT C:\WINDOWS\Explorer.EXE[468] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 018A55A9
IAT C:\WINDOWS\Explorer.EXE[468] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 018A588A
IAT C:\WINDOWS\Explorer.EXE[468] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 018A588A
IAT C:\WINDOWS\Explorer.EXE[468] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 018A588A
IAT C:\WINDOWS\Explorer.EXE[468] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 018A55A9
IAT C:\WINDOWS\Explorer.EXE[468] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 018A5297
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[636] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00FD5297
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FD5297
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FD5229
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FD51EB
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FD51B8
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00FD588A
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00FD55A9
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00FD588A
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00FD5297
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00FD588A
IAT C:\WINDOWS\system32\services.exe[904] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00FD55A9
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00F85297
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00F85229
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00F851EB
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00F851B8
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00F85229
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00F85297
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00F85229
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00F851EB
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00F855A9
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00F8588A
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00F8588A
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00F855A9
IAT C:\WINDOWS\system32\lsass.exe[916] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00F8588A
IAT C:\WINDOWS\system32\igfxsrvc.exe[972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\WINDOWS\system32\igfxsrvc.exe[972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\WINDOWS\system32\igfxsrvc.exe[972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\WINDOWS\system32\igfxsrvc.exe[972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\WINDOWS\system32\igfxsrvc.exe[972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\WINDOWS\system32\igfxsrvc.exe[972] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\WINDOWS\system32\igfxsrvc.exe[972] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\WINDOWS\system32\igfxsrvc.exe[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\WINDOWS\system32\igfxsrvc.exe[972] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\WINDOWS\system32\igfxsrvc.exe[972] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Documents and Settings\Simon\Desktop\OTL.exe[1012] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\WINDOWS\system32\svchost.exe[1116] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FD51B8
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FA5297
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FA5229
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FA51EB
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FA51B8
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00FA55A9
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00FA588A
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00FA588A
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00FA55A9
IAT C:\WINDOWS\system32\svchost.exe[1220] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00FA588A
IAT C:\WINDOWS\system32\svchost.exe[1220] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00FA5297
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1228] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E75297
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E75229
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E751EB
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E751B8
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E755A9
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E7588A
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00E7588A
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00E755A9
IAT C:\WINDOWS\System32\svchost.exe[1396] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E7588A
IAT C:\WINDOWS\System32\svchost.exe[1396] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E75297
IAT C:\Program Files\iPod\bin\iPodService.exe[3684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Program Files\iPod\bin\iPodService.exe[3684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Program Files\iPod\bin\iPodService.exe[3684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\iPod\bin\iPodService.exe[3684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\iPod\bin\iPodService.exe[3684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\iPod\bin\iPodService.exe[3684] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Program Files\iPod\bin\iPodService.exe[3684] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Program Files\iPod\bin\iPodService.exe[3684] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405229
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004051EB
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051B8
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3800] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001351EB
IAT C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351B8
IAT C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0013588A
IAT C:\Documents and Settings\Simon\Desktop\PSX\ePSXe.exe[3828] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\WINDOWS\system32\dllhost.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\WINDOWS\system32\dllhost.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405229
IAT C:\WINDOWS\system32\dllhost.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004051EB
IAT C:\WINDOWS\system32\dllhost.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051B8
IAT C:\WINDOWS\system32\dllhost.exe[3888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\system32\dllhost.exe[3888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\system32\dllhost.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\system32\dllhost.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055A9
IAT C:\WINDOWS\system32\dllhost.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 0040588A
IAT C:\WINDOWS\system32\dllhost.exe[3888] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405297

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcucsjmoojpsoasklhrqwfykffmsdyxlam.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1116] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\SKYNETkvnmpvwk.sys (*** hidden *** ) [SYSTEM] SKYNEToiylkawy <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcucsjmoojpsoasklhrqwfykffmsdyxlam.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxccyhsipslsuntlmgqbmeniayoyoeplxtj.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy@imagepath \systemroot\system32\drivers\SKYNETkvnmpvwk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\main@aid 10096
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\main@cmddelay 7200
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETkvnmpvwk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\modules@SKYNETcmd.dll \systemroot\system32\SKYNETfyfneyqa.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\modules@SKYNETlog.dat \systemroot\system32\SKYNETixeaybac.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\modules@SKYNETwsp.dll \systemroot\system32\SKYNETuetnbjti.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\modules@SKYNET.dat \systemroot\system32\SKYNETvenageew.dat
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcucsjmoojpsoasklhrqwfykffmsdyxlam.dll
Reg HKLM\SYSTEM\ControlSet003\Services\gxvxcserv.sys\modules@gxvxcclk \\?\globalroot\systemroot\system32\gxvxccyhsipslsuntlmgqbmeniayoyoeplxtj.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy@imagepath \systemroot\system32\drivers\SKYNETkvnmpvwk.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\main
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\main@aid 10096
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\main@cmddelay 7200
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\main\delete
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\main\injector
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\main\injector@* SKYNETwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\main\tasks
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\modules
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\modules@SKYNETrk.sys \systemroot\system32\drivers\SKYNETkvnmpvwk.sys
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\modules@SKYNETcmd.dll \systemroot\system32\SKYNETfyfneyqa.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\modules@SKYNETlog.dat \systemroot\system32\SKYNETixeaybac.dat
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\modules@SKYNETwsp.dll \systemroot\system32\SKYNETuetnbjti.dll
Reg HKLM\SYSTEM\ControlSet003\Services\SKYNEToiylkawy\modules@SKYNET.dat \systemroot\system32\SKYNETvenageew.dat

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb.sys 48128 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\drivers\SKYNETkvnmpvwk.sys 69632 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\twain_32 0 bytes
File C:\WINDOWS\system32\twain_32\local.ds 9033 bytes
File C:\WINDOWS\system32\twain_32\user.ds 0 bytes
File C:\WINDOWS\system32\twext.exe 462848 bytes executable
File C:\WINDOWS\system32\SKYNETfyfneyqa.dll 44544 bytes executable
File C:\WINDOWS\system32\SKYNETixeaybac.dat 37117 bytes
File C:\WINDOWS\system32\SKYNETuetnbjti.dll 20992 bytes executable
File C:\WINDOWS\system32\gxvxccount 4 bytes
File C:\WINDOWS\system32\gxvxccyhsipslsuntlmgqbmeniayoyoeplxtj.dll 27649 bytes executable
File C:\WINDOWS\system32\gxvxcucsjmoojpsoasklhrqwfykffmsdyxlam.dll 22529 bytes executable
File C:\WINDOWS\Temp\SKYNETmhqmvrivqv.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETmqrvyuuiie.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETnylsmnbqfp.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETpfhjoibivb.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETpudxetycri.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETqmbdmexwhw.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETqptrnsideo.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETqsexvvximc.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETrnstinmecx.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETrpgxylqbvs.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETsmtekhpwgp.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtftivkpqvn.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETtkbfgqdrtt.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETufpgqiiquc.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETvhavjkuwic.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETwabpqxxygv.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETxdnpheymnt.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETymcxjikoxu.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETaxvpfhwfpu.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETbsbfbypswt.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETbvpdribcjw.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETbysbgpxunm.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETcypyivcjix.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETdgamkuckqf.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETdwbpuptegq.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETeiebrnnsee.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNEThpxcqdpibq.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNEThxxvmcwuab.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETihlqrxnkgi.tmp 20992 bytes executable
File C:\WINDOWS\Temp\SKYNETmbabuxtpet.tmp 20992 bytes executable

---- EOF - GMER 1.0.15 ----
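
The IAT, Library, Service, Reg and File records in the GMER log above each follow a fixed line shape, so they can be parsed and correlated rather than read by eye. The Python below is an added example for this thread; it is not part of GMER, ComboFix or anything the helpers posted. It parses a handful of lines copied verbatim from the log, groups the hooks by process, joins the hidden services to their registry values, and tests one heuristic: whether every process's hook for a given import sits at the same offset modulo 64 KiB. Windows hands out private allocations on 64 KiB boundaries, so one injected payload mapped at a different base in each process (00135xxx in iTunes, 00405xxx in notepad) hooks each import at identical low 16 bits; in the log above those are 5297, 5229, 51EB, 51B8, 588A and 55A9 in every process. The record layouts and the 64 KiB rule are this example's assumptions, not a format GMER documents.

```python
"""Pull the rootkit-relevant records out of a GMER 1.0.15 text log.

Added example for this thread; not part of GMER or of any tool used here.
The record shapes below are inferred from the posted log text.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied verbatim from the GMER log in the thread.
SAMPLE_LOG = r"""
IAT C:\Program Files\iTunes\iTunes.exe[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135297
IAT C:\Program Files\iTunes\iTunes.exe[3108] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135229
IAT C:\Program Files\iTunes\iTunes.exe[3108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355A9
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405297
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405229
IAT C:\WINDOWS\notepad.exe[3708] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055A9
Library \\?\globalroot\systemroot\system32\gxvxcucsjmoojpsoasklhrqwfykffmsdyxlam.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1116] 0x10000000
Service C:\WINDOWS\system32\drivers\gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\SKYNETkvnmpvwk.sys (*** hidden *** ) [SYSTEM] SKYNEToiylkawy <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy@imagepath \systemroot\system32\drivers\SKYNETkvnmpvwk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\SKYNEToiylkawy\main@cmddelay 7200
File C:\WINDOWS\system32\drivers\SKYNETkvnmpvwk.sys 69632 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\twain_32\local.ds 9033 bytes
File C:\WINDOWS\Temp\SKYNETmhqmvrivqv.tmp 20992 bytes executable
"""

# Record shapes, inferred from the log (assumption: GMER does not publish a grammar).
IAT_RE = re.compile(r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<module>\S+) \[(?P<export>[^\]]+)\] (?P<addr>[0-9A-Fa-f]{8})$")
LIB_RE = re.compile(r"^Library (?P<path>\S+) \((?P<flags>[^)]*)\) @ (?P<proc>.+?) \[(?P<pid>\d+)\] (?P<base>0x[0-9A-Fa-f]+)$")
SVC_RE = re.compile(r"^Service (?P<path>\S+) (?:\((?P<flags>[^)]*)\) )?\[(?P<state>\w+)\] (?P<name>\S+)(?P<tag>.*)$")
REG_RE = re.compile(r"^Reg (?P<key>[^@\s]+)(?:@(?P<value>\S+)(?: (?P<data>.*))?)?$")
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes(?P<rest>.*)$")


def parse_gmer(text):
    """Return the hooks, hidden libraries, services, registry values and files in a GMER log."""
    hooks = defaultdict(dict)  # "image[pid]" -> {hooked export: hook address}
    libs, services, files, reg = [], [], [], {}
    for line in text.splitlines():
        line = line.strip()
        if m := IAT_RE.match(line):
            hooks[f"{m['proc']}[{m['pid']}]"][m["export"]] = int(m["addr"], 16)
        elif m := LIB_RE.match(line):
            libs.append({"path": m["path"], "hidden": "hidden" in m["flags"],
                         "proc": f"{m['proc']}[{m['pid']}]", "base": int(m["base"], 16)})
        elif m := SVC_RE.match(line):
            services.append({"name": m["name"], "image": m["path"],
                             "hidden": "hidden" in (m["flags"] or ""),
                             "rootkit": "ROOTKIT" in m["tag"]})
        elif m := REG_RE.match(line):
            values = reg.setdefault(m["key"], {})
            if m["value"]:
                values[m["value"]] = m["data"] or ""
        elif m := FILE_RE.match(line):
            files.append({"path": m["path"], "size": int(m["size"]),
                          "executable": "executable" in m["rest"],
                          "rootkit": "ROOTKIT" in m["rest"]})
    return {"hooks": dict(hooks), "libraries": libs, "services": services,
            "registry": reg, "files": files}


def hook_offsets(hooks):
    """Map each hooked export to its distinct hook addresses modulo 64 KiB.

    Heuristic (assumption): private allocations start on 64 KiB boundaries, so one
    payload injected at different bases leaves identical low 16 bits per export.
    """
    offsets = defaultdict(set)
    for exports in hooks.values():
        for export, addr in exports.items():
            offsets[export].add(addr & 0xFFFF)
    return {export: sorted(offs) for export, offs in offsets.items()}


def single_injector(hooks):
    """True when every hooked export has exactly one 64 KiB-relative offset across all processes."""
    return bool(hooks) and all(len(o) == 1 for o in hook_offsets(hooks).values())


def suspicious_services(parsed):
    """Hidden or rootkit-tagged services, each joined with its CurrentControlSet values."""
    prefix = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\"
    return [(s["name"], s["image"], parsed["registry"].get(prefix + s["name"], {}))
            for s in parsed["services"] if s["hidden"] or s["rootkit"]]


def flagged_files(parsed):
    """Paths GMER itself tagged as rootkit components."""
    return [f["path"] for f in parsed["files"] if f["rootkit"]]


if __name__ == "__main__":
    p = parse_gmer(SAMPLE_LOG)
    for proc, exports in p["hooks"].items():
        print(proc, "->", ", ".join(sorted(exports)))
    print("single injector:", single_injector(p["hooks"]), hook_offsets(p["hooks"]))
    for name, image, values in suspicious_services(p):
        print("hidden service", name, image, values.get("imagepath"))
    print("flagged files:", flagged_files(p))
```

Run it against a full log by passing the file contents to `parse_gmer`; a hook whose offset set grows beyond one element under `hook_offsets` is a different hooking module than the rest, which is the case worth looking at separately. The hooked imports themselves tell you what the injected code is positioned to control: NtQueryDirectoryFile is what directory listings go through, and LdrLoadDll and LdrGetProcedureAddress are what every DLL load and export lookup goes through.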


#4 Buckeye_Sam
Malware Expert

Posted 17 June 2009 - 09:05 AM

We need to run Combofix.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 yoongoo
Topic Starter

Posted 18 June 2009 - 02:37 AM

My Combofix will not run.

When I was using Firefox to open the links you have specified, my browser suddenly exited, like my previous problems. So I decided to open the links by using Internet Explorer. Fortunately, I was able to download ComboFix to my desktop. However, my computer will not run it. Just like my MBAM, I press Run but nothing happens. Is there any other way around it?

#6 Buckeye_Sam
Malware Expert

Posted 18 June 2009 - 10:47 AM

Let's try this...
Delete ComboFix off your desktop.


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#7 yoongoo
Topic Starter

Posted 18 June 2009 - 01:24 PM

I was able to run Combo-Fix. Here is the log that was produced.

ComboFix 09-06-17.04 - Simon 06/18/2009 11:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.669 [GMT -7:00]
Running from: c:\documents and settings\Simon\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\documents and settings\Simon\Application Data\twain_32
c:\documents and settings\Simon\Application Data\twain_32\user.ds
c:\windows\system32\twain_32
C:\Autorun.inf
c:\windows\system32\drivers\gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb.sys
c:\windows\system32\drivers\SKYNETkvnmpvwk.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxccyhsipslsuntlmgqbmeniayoyoeplxtj.dll
c:\windows\system32\gxvxcucsjmoojpsoasklhrqwfykffmsdyxlam.dll
c:\windows\system32\SKYNETfyfneyqa.dll
c:\windows\system32\SKYNETixeaybac.dat
c:\windows\system32\SKYNETuetnbjti.dll
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twain_32\user.ds.cla
c:\windows\system32\twext.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

c:\windows\system32\ws2_32.dll . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gxvxcserv.sys
-------\Service_SKYNEToiylkawy


((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.

2009-06-16 10:07 . 2009-06-17 05:41 -------- d-----w- c:\program files\VS Revo Group
2009-06-13 00:52 . 2005-04-13 02:21 22240 ----a-w- c:\windows\system32\drivers\WmFilter.sys
2009-06-13 00:52 . 2005-04-13 02:21 5600 ----a-w- c:\windows\system32\drivers\WmVirHid.sys
2009-06-13 00:52 . 2005-04-13 02:21 10144 ----a-w- c:\windows\system32\drivers\WmBEnum.sys
2009-06-13 00:52 . 2005-04-13 02:21 45504 ----a-w- c:\windows\system32\drivers\WmXlCore.sys
2009-06-12 02:03 . 2007-05-10 17:22 405504 ----a-w- c:\windows\stsystra.exe
2009-06-12 02:03 . 2007-04-11 00:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2009-06-12 00:51 . 2007-05-10 17:23 270336 ----a-w- c:\windows\system32\stacapi.dll
2009-06-12 00:38 . 2006-01-04 22:41 1389056 ----a-w- c:\windows\system32\drivers\monfilt.sys
2009-06-11 18:19 . 2009-06-11 18:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-11 18:18 . 2008-04-14 00:12 82432 -c--a-w- c:\windows\system32\dllcache\ws2_32.dll
2009-06-11 04:20 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-11 04:20 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-11 02:47 . 2009-06-11 02:47 -------- d-----w- c:\program files\uTorrent
2009-06-10 07:44 . 2009-06-10 07:44 -------- d-----w- c:\program files\iPod
2009-06-10 07:44 . 2009-06-10 07:44 -------- d-----w- c:\program files\iTunes
2009-06-10 07:42 . 2009-06-10 07:43 -------- d-----w- c:\program files\QuickTime
2009-06-10 07:35 . 2009-06-10 07:35 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 11:52 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-06 11:52 . 2009-03-24 23:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-06 11:52 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-06 11:52 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-06 11:52 . 2009-06-06 11:52 -------- d-----w- c:\program files\Avira
2009-06-06 11:52 . 2009-06-06 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-06 10:52 . 2009-06-06 11:45 -------- d-----w- c:\program files\Common Files\AhnLab
2009-06-04 19:10 . 2009-06-04 19:10 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-06-04 09:49 . 2009-06-04 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2009-06-04 09:49 . 2009-06-04 09:49 -------- d-----w- c:\documents and settings\Simon\Application Data\Logitech
2009-06-04 09:48 . 2009-06-04 09:48 10134 ----a-r- c:\documents and settings\Simon\Application Data\Microsoft\Installer\{5C77E45B-9B11-40F0-81A5-1CBF192782F2}\ARPPRODUCTICON.exe
2009-06-04 09:48 . 2009-06-04 09:48 10134 ----a-r- c:\documents and settings\Simon\Application Data\Microsoft\Installer\{F410C5DA-84B4-44CF-AA90-E381A77E880B}\ARPPRODUCTICON.exe
2009-06-04 09:48 . 2007-03-09 20:57 129824 ----a-w- c:\windows\system32\drivers\lcoinst.dll
2009-06-04 09:48 . 2009-06-04 09:48 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-06-04 09:47 . 2009-06-04 09:47 10134 ----a-r- c:\documents and settings\Simon\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe
2009-06-04 09:13 . 2009-06-17 05:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-04 09:13 . 2009-06-04 09:13 -------- d-----w- c:\documents and settings\Simon\Application Data\3M
2009-06-04 09:13 . 2009-06-04 09:13 128 ----a-w- c:\documents and settings\Simon\Local Settings\Application Data\fusioncache.dat
2009-06-04 09:11 . 2009-06-04 09:12 -------- d-----w- c:\documents and settings\Simon\Application Data\GetRightToGo
2009-06-03 19:10 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-06-03 10:46 . 2009-06-03 10:46 0 ----a-w- c:\windows\nsreg.dat
2009-06-03 10:46 . 2009-06-03 10:46 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\Mozilla
2009-06-03 10:42 . 2008-04-14 00:11 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-06-03 10:42 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-03 10:42 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-06-03 10:42 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-06-03 10:42 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-06-03 10:42 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-06-03 10:42 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-06-03 10:42 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-06-03 10:36 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-06-03 10:36 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-06-03 09:06 . 2009-06-12 08:00 -------- d-----w- c:\program files\Warcraft III
2009-06-03 09:02 . 2009-06-03 09:02 -------- d-----w- c:\documents and settings\Simon\Application Data\vlc
2009-06-03 09:00 . 2009-06-03 09:00 -------- d-----w- c:\program files\VideoLAN
2009-06-03 08:56 . 2009-06-16 02:32 -------- d-----w- c:\documents and settings\Simon\Application Data\uTorrent
2009-06-03 08:05 . 2009-06-03 08:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-03 08:05 . 2009-06-03 08:05 -------- d-----w- c:\program files\Reference Assemblies
2009-06-03 08:04 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-03 08:04 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-03 08:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-03 08:04 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-03 08:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-03 08:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-03 08:04 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-03 07:59 . 2009-06-03 07:59 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-03 07:59 . 2009-06-03 07:59 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-03 07:56 . 2009-06-06 20:06 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\ApplicationHistory
2009-06-03 07:55 . 2009-06-03 07:55 -------- d-----w- c:\windows\system32\URTTemp
2009-06-03 07:49 . 2008-04-07 23:16 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-06-03 07:49 . 2008-04-07 23:16 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-06-03 07:47 . 2009-06-11 04:20 -------- d-----w- c:\documents and settings\Simon\Application Data\Apple Computer
2009-06-03 07:47 . 2009-03-19 23:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-03 07:47 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-03 07:47 . 2009-06-03 07:47 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-03 07:44 . 2009-06-03 07:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 07:39 . 2008-11-10 18:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-06-03 07:38 . 2009-06-03 07:38 -------- d-----w- c:\documents and settings\Simon\Application Data\acccore
2009-06-03 07:37 . 2009-06-03 09:07 -------- d-----w- c:\program files\Microsoft Works
2009-06-03 07:37 . 2009-06-03 08:05 -------- d-----w- c:\program files\MSBuild
2009-06-03 07:34 . 2009-06-03 07:41 -------- d-----w- c:\windows\SHELLNEW
2009-06-03 07:33 . 2009-06-03 07:33 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\Microsoft Help
2009-06-03 07:33 . 2009-06-06 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-03 07:33 . 2009-06-03 07:33 -------- d--h--r- C:\MSOCache
2009-06-03 07:29 . 2009-06-03 07:29 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\AOL OCP
2009-06-03 07:29 . 2009-06-03 07:29 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\AOL
2009-06-03 07:28 . 2009-06-13 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-03 07:28 . 2009-06-03 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-06-03 07:28 . 2009-06-03 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-06-03 07:28 . 2009-06-03 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-03 07:28 . 2009-06-03 07:28 -------- d-----w- c:\program files\Common Files\AOL
2009-06-03 07:28 . 2009-06-03 07:29 -------- d-----w- c:\program files\AIM6
2009-06-03 07:20 . 2009-06-03 07:49 -------- d-----w- c:\documents and settings\Simon\Local Settings\Application Data\Google
2009-06-03 07:04 . 2009-06-03 07:04 -------- d-----w- c:\program files\CONEXANT
2009-06-03 07:03 . 2009-06-03 07:03 -------- d-sh--w- c:\documents and settings\Simon\IECompatCache
2009-06-03 07:01 . 2009-06-03 07:01 -------- d-sh--w- c:\documents and settings\Simon\PrivacIE
2009-06-03 07:00 . 2009-06-03 07:00 -------- d-sh--w- c:\documents and settings\Simon\IETldCache
2009-06-03 06:59 . 2009-06-03 06:59 -------- d-----w- c:\windows\ie8updates
2009-06-03 06:59 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-03 06:57 . 2009-06-03 06:58 -------- dc-h--w- c:\windows\ie8
2009-06-03 06:16 . 2009-06-03 06:16 -------- d-----w- c:\windows\system32\scripting
2009-06-03 06:16 . 2009-06-03 06:16 -------- d-----w- c:\windows\system32\en
2009-06-03 06:16 . 2009-06-03 06:16 -------- d-----w- c:\windows\system32\bits
2009-06-03 06:16 . 2009-06-03 06:16 -------- d-----w- c:\windows\l2schemas
2009-06-03 06:15 . 2009-06-03 06:15 -------- d-----w- c:\windows\ServicePackFiles
2009-06-03 06:02 . 2007-03-31 02:58 172032 ----a-w- c:\windows\system32\igfxres.dll
2009-06-03 05:55 . 2009-06-03 05:55 -------- d-----w- C:\7ea779268559e80565424209dc7c91
2009-06-03 05:25 . 2008-04-14 00:12 144384 ------w- c:\windows\system32\onex.dll
2009-06-03 05:24 . 2008-04-14 00:11 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2009-06-03 05:24 . 2008-04-14 00:11 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2009-06-03 05:24 . 2008-04-14 00:11 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2009-06-03 05:24 . 2008-04-14 00:11 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2009-06-03 05:24 . 2008-04-14 00:11 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2009-06-03 05:24 . 2008-04-14 00:11 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2009-06-03 05:24 . 2008-04-14 00:11 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2009-06-03 05:24 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
2009-06-03 05:24 . 2008-04-13 18:36 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2009-06-03 05:24 . 2008-04-13 18:36 42368 ------w- c:\windows\system32\drivers\agp440.sys
2009-06-03 05:11 . 2009-06-09 06:18 91520 ----a-w- c:\documents and settings\Simon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-03 04:48 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-06-03 04:48 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-03 04:47 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-06-03 04:47 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-03 04:46 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-06-03 04:46 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-03 04:46 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-03 04:42 . 2009-01-08 01:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 00:52 . 2009-06-04 09:46 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-13 00:52 . 2009-06-04 09:46 -------- d-----w- c:\program files\Logitech
2009-06-11 18:18 . 2009-06-11 18:18 67584 ----a-w- c:\windows\system32\1E1.tmp
2009-06-11 04:19 . 2009-06-03 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-10 07:44 . 2009-06-03 07:45 -------- d-----w- c:\program files\Common Files\Apple
2009-06-05 18:42 . 2009-06-03 07:45 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 18:42 . 2009-06-03 07:45 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 03:14 . 2009-06-05 03:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2009-06-04 09:47 . 2009-06-04 09:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-06-04 09:47 . 2009-06-04 09:47 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2009-06-04 09:47 . 2009-06-04 09:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-06-04 09:46 . 2009-06-04 09:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-06-04 09:46 . 2009-06-04 09:46 10134 ----a-r- c:\documents and settings\Simon\Application Data\Microsoft\Installer\{56918C0C-0D87-4CA6-92BF-4975A43AC719}\ARPPRODUCTICON.exe
2009-06-04 09:46 . 2009-06-04 09:46 -------- d-----w- c:\documents and settings\Simon\Application Data\InstallShield
2009-06-03 19:32 . 2009-06-03 19:32 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-06-03 08:02 . 2009-06-03 03:36 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-03 07:47 . 2009-06-03 07:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-03 07:47 . 2009-06-03 07:47 -------- d-----w- c:\program files\Bonjour
2009-06-03 07:46 . 2009-06-03 07:46 -------- d-----w- c:\program files\Google
2009-06-03 07:46 . 2009-06-03 07:46 -------- d-----w- c:\program files\Apple Software Update
2009-06-03 07:16 . 2009-06-03 07:16 -------- d-----w- c:\program files\Dell
2009-06-03 03:37 . 2009-06-03 03:37 -------- d-----w- c:\program files\microsoft frontpage
2009-06-03 03:32 . 2009-06-03 03:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-03 03:31 . 2009-06-03 03:31 -------- d-----w- c:\program files\Windows Plus
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
.

------- Sigcheck -------

[-] 2006-03-15 12:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2008-04-14 00:12 82432 FEEACBF0DB67AF34401DBC096722897A c:\windows\ServicePackFiles\i386\ws2_32.dll
[-] 2008-04-14 00:12 82432 FEEACBF0DB67AF34401DBC096722897A c:\windows\system32\ws2_32.dll
[-] 2008-04-14 00:12 82432 FEEACBF0DB67AF34401DBC096722897A c:\windows\system32\dllcache\ws2_32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-15 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-15 455168]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-31 138008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-17 1392640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-04-05 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-03-09 252704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-4 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/6/2009 4:52 AM 108289]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-583907252-725345543-1003.job
- c:\documents and settings\Simon\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-03 07:20]

2009-06-18 c:\windows\Tasks\User_Feed_Synchronization-{272A3E63-8E7B-4EC0-BF46-2234D1F80A40}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]

2009-06-18 c:\windows\Tasks\User_Feed_Synchronization-{78EA6963-6F56-4A84-B596-BAB706BEBC33}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-18 11:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(860)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2009-06-18 11:21
ComboFix-quarantined-files.txt 2009-06-18 18:21

Pre-Run: 23,668,473,856 bytes free
Post-Run: 23,931,559,936 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

289 --- E O F --- 2009-06-03 19:36

#8 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 June 2009 - 11:24 AM

Let's give Malwarebytes a shot now. It should work now that the rootkit is removed.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 yoongoo

  • Topic Starter
  • Members
  • 46 posts

Posted 19 June 2009 - 12:47 PM

Downloaded and ran MBAM.

Here's the log.....

Malwarebytes' Anti-Malware 1.38
Database version: 2305
Windows 5.1.2600 Service Pack 3

6/18/2009 12:51:54 PM
mbam-log-2009-06-18 (12-51-54).txt

Scan type: Quick Scan
Objects scanned: 90294
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\1E1.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

#10 yoongoo

yoongoo
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:40 AM

Posted 19 June 2009 - 01:00 PM

Hi, I also wanted to note that my Avira AV ran automatically when I was gone, before I got your last post, which means my AV caught some files before I ran MBAM. So if you were expecting more from my MBAM log, I hope it's in here. Thank you. Here is the log produced from that scan on Avira....



Avira AntiVir Personal
Report file date: Thursday, June 18, 2009 12:00

Scanning for 1468932 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SEMIN-2B146EB58

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 6/10/2009 10:07:22
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 04:33:26
ANTIVIR2.VDF : 7.1.4.87 2982912 Bytes 6/12/2009 00:19:52
ANTIVIR3.VDF : 7.1.4.108 80896 Bytes 6/18/2009 07:18:30
Engineversion : 8.2.0.191
AEVDF.DLL : 8.1.1.1 106868 Bytes 6/6/2009 12:22:11
AESCRIPT.DLL : 8.1.2.9 409978 Bytes 6/18/2009 07:18:35
AESCN.DLL : 8.1.2.3 127347 Bytes 6/6/2009 12:22:08
AERDL.DLL : 8.1.1.3 438645 Bytes 10/30/2008 02:24:41
AEPACK.DLL : 8.1.3.18 401783 Bytes 6/6/2009 12:22:08
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/18/2009 07:18:35
AEHEUR.DLL : 8.1.0.133 1798520 Bytes 6/18/2009 07:18:34
AEHELP.DLL : 8.1.3.6 205174 Bytes 6/11/2009 18:59:21
AEGEN.DLL : 8.1.1.45 348532 Bytes 6/10/2009 10:07:22
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 22:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 6/6/2009 12:21:54
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 22:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 18:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/10/2009 10:07:21
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 18:19:48

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Thursday, June 18, 2009 12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iTunes.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LVComSX.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '64' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxccyhsipslsuntlmgqbmeniayoyoeplxtj.dll.vir
[DETECTION] Is the TR/Alureon.BU.1 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcucsjmoojpsoasklhrqwfykffmsdyxlam.dll.vir
[DETECTION] Is the TR/Obfuscator.ER Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETfyfneyqa.dll.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETuetnbjti.dll.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb_.sys.zip
[0] Archive type: ZIP
--> gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb.sys
[DETECTION] Contains recognition pattern of the SPR/Tool.Obfuscator.ET.1 program
C:\System Volume Information\_restore{B546A53E-A09A-4068-9654-0AF598E85EBA}\RP29\A0012491.dll
[DETECTION] Is the TR/Obfuscator.ER Trojan
C:\System Volume Information\_restore{B546A53E-A09A-4068-9654-0AF598E85EBA}\RP29\A0012492.dll
[DETECTION] Is the TR/Alureon.BU.1 Trojan
C:\System Volume Information\_restore{B546A53E-A09A-4068-9654-0AF598E85EBA}\RP29\A0012493.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{B546A53E-A09A-4068-9654-0AF598E85EBA}\RP29\A0012494.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

Beginning disinfection:
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxccyhsipslsuntlmgqbmeniayoyoeplxtj.dll.vir
[DETECTION] Is the TR/Alureon.BU.1 Trojan
[NOTE] The file was moved to '4ab096aa.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gxvxcucsjmoojpsoasklhrqwfykffmsdyxlam.dll.vir
[DETECTION] Is the TR/Obfuscator.ER Trojan
[NOTE] The file was moved to '4bd4a32b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETfyfneyqa.dll.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4a93967d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETuetnbjti.dll.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4bfbc2de.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_gxvxcagvifieabnhusxmnaopptqrpjkrgdvqb_.sys.zip
[NOTE] The file was moved to '4ab29699.qua'!
C:\System Volume Information\_restore{B546A53E-A09A-4068-9654-0AF598E85EBA}\RP29\A0012491.dll
[DETECTION] Is the TR/Obfuscator.ER Trojan
[NOTE] The file was moved to '4a6a9662.qua'!
C:\System Volume Information\_restore{B546A53E-A09A-4068-9654-0AF598E85EBA}\RP29\A0012492.dll
[DETECTION] Is the TR/Alureon.BU.1 Trojan
[NOTE] The file was moved to '4b0cd373.qua'!
C:\System Volume Information\_restore{B546A53E-A09A-4068-9654-0AF598E85EBA}\RP29\A0012493.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b0ddabb.qua'!
C:\System Volume Information\_restore{B546A53E-A09A-4068-9654-0AF598E85EBA}\RP29\A0012494.dll
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b03ca0b.qua'!


End of the scan: Thursday, June 18, 2009 12:32
Used time: 31:31 Minute(s)

The scan has been done completely.

6437 Scanned directories
180422 Files were scanned
9 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
9 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
180411 Files not concerned
1850 Archives were scanned
2 Warnings
11 Notes

#11 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 20 June 2009 - 07:47 AM

Looks good! Just quarantined files and system restore files.


Flush your System Restore. This will delete any restore points that you have, but it will also make sure that any malware hiding in System Restore will be booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer, turn it back on and create a restore point.

Create a restore point:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.



How is your computer behaving now? Any issues?

#12 yoongoo

  • Topic Starter
  • Members
  • 46 posts

Posted 20 June 2009 - 12:54 PM

All the problems that I encountered are gone!! I appreciate the time and effort you put into my situation, Sam. I can't thank you enough!! It makes me very happy that my computer is running fine again. Thank you very much!!

#13 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 21 June 2009 - 09:46 AM

I would like to check once more on a file that combofix showed as being infected. It didn't show up in your other scans so we may be ok, but let's be certain before I post some final cleanup steps for you.

Please visit the online Jotti Virus Scanner
  • Click on the Browse button.
  • Navigate to the following file and upload it:

    c:\windows\system32\ws2_32.dll

  • Click on the submit button. The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.

If Jotti's too busy, try VirusTotal instead: http://www.virustotal.com/en/virustotalf.html

#14 yoongoo

  • Topic Starter
  • Members
  • 46 posts

Posted 21 June 2009 - 12:12 PM

I ran the Jotti scan and apparently there's still some remaining. I wasn't sure what the results box is, so I'll just paste what I got...

Filename: ws2_32.dll
Status:
Scan finished. 3 out of 20 scanners reported malware.
Scan taken on: Sun 21 Jun 2009 19:06:56 (CET)

Scanners
[ArcaVir]
2009-06-21 Found nothing

[F-Secure Anti-Virus]
2009-06-19 Found nothing

[Emsisoft A-squared]
2009-06-21 Found nothing

[Ikarus]
2009-06-21 Found nothing

[Avast! antivirus]
2009-06-20 Found nothing

[Kaspersky Anti-Virus]
2009-06-21 Found nothing

[Grisoft AVG Anti-Virus]
2009-06-21 Win32/Patched

[ESET NOD32]
2009-06-20 Found nothing

[Avira AntiVir]
2009-06-21 Found nothing

[Norman Virus Control]
2009-06-19 Found nothing

[Softwin BitDefender]
2009-06-21 Trojan.Patched.EM

[Panda Antivirus]
2009-06-21 Found nothing

[ClamAV]
2009-06-20 Found nothing

[Quick Heal]
2009-06-19 Found nothing

[CPsecure]
2009-06-21 Found nothing

[Sophos]
2009-06-21 Mal/WSHack-A

[Dr.Web]
2009-06-21 Found nothing

[VirusBlokAda VBA32]
2009-06-20 Found nothing

[Frisk F-Prot Antivirus]
2009-06-20 Found nothing

[VirusBuster]
2009-06-21 Found nothing

#15 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 22 June 2009 - 06:50 PM

Let's run a virus scan to disinfect that file and any others that may be infected.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
Note: If you have problems with DrWeb shutting down before it completes the scan, you can perform a custom scan and select individual folders to scan. In that case, start with C:\Windows\System32.


Please post the contents of the log from DrWeb in your next reply.