
Infected with PC antispyware 2010


  • This topic is locked
11 replies to this topic

#1 golo


Posted 08 August 2009 - 05:00 PM

Hi

my name is golo and i have somehow managed to get Infected with PC antispyware 2010...in addition the task manager shows the presence of "b.exe"...i have never seen that before!

also, a red circle with a white "X" has appeared next to the clock in the task bar

i think as a result of all this, the computer has begun occasionally switching to a blue screen that says something along the lines of - an error has occurred and that i should uninstall any recently installed software...from there the only option i have is to turn off the laptop from the main power button

i did try to follow the instructions in the "do it yourself" section of the website but after downloading mbam-setup.exe i double clicked on the icon but nothing happened...it was as if the laptop was either refusing to run it or something was preventing it

i am nowhere near an expert with computers and have found myself way out of my depth...any help and/or advice you could give me would be immensely appreciated...thanks

the following is the DDS.txt you requested...thanks again



DDS (Ver_09-03-16.01) - NTFSx86
Run by ahansraj at 22:40:50.78 on 08/08/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.315 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
svchost.exe
C:\WINDOWS\msa.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\ahansraj\Desktop\Virus Docs (Thunder)\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: EndNote Web: {945c8270-a848-11d5-a805-00b0d092f45b} - c:\program files\endnote web\ENWIEPlug.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Monopod] c:\docume~1\ahansraj\locals~1\temp\b.exe
uRun: [braviax] c:\windows\system32\braviax.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [PC Antispyware 2010] "c:\program files\pc_antispyware2010\PC_Antispyware2010.exe" /hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [braviax] braviax.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.2.28.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: Windowsupdate.com\Download
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://spaces.msn.com//PhotoUpload/MsnPUpld.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ahansraj\applic~1\mozilla\firefox\profiles\4vvl8h6s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=1pgsay1bayy1s&shva=1#inbox|http://www.facebook.com/login.php|http://katz.cd/
FF - plugin: c:\documents and settings\ahansraj\application data\mozilla\firefox\profiles\4vvl8h6s.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmirage.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-27 11608]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-3-18 57320]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-3-18 238952]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-27 108289]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-25 55656]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2009-5-30 648424]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-27 185089]
S3 PAC207;CamMaestro 3.01 DU PC Camera;c:\windows\system32\drivers\pfc027.sys --> c:\windows\system32\drivers\pfc027.sys [?]

=============== Created Last 30 ================

2009-08-08 22:15 18,653 a------- c:\program files\common files\xikocadose.exe
2009-08-08 22:15 16,280 a------- c:\windows\ivyr.lib
2009-08-08 22:15 15,195 a------- c:\windows\gofe.bin
2009-08-08 22:15 11,091 a------- c:\windows\aqutoju._dl
2009-08-08 22:15 10,805 a------- c:\docume~1\ahansraj\applic~1\gofi.bin
2009-08-08 21:23 <DIR> --d----- c:\program files\PC_Antispyware2010
2009-08-08 21:09 91,136 a------- C:\hcel.exe
2009-08-08 21:09 19,456 a------- C:\rcvbm.exe
2009-08-08 21:09 9,728 a------- C:\umoikchf.exe
2009-08-08 19:51 19,125 a------- c:\windows\obeqarode.scr
2009-08-08 19:51 18,561 a------- c:\windows\akilano.reg
2009-08-08 19:51 17,908 a------- c:\docume~1\ahansraj\applic~1\vyheq.dat
2009-08-08 19:51 17,610 a------- c:\windows\fesapyme.ban
2009-08-08 19:51 17,477 a------- c:\windows\system32\tavic.com
2009-08-08 19:51 17,186 a------- c:\program files\common files\ytenu.vbs
2009-08-08 19:51 15,629 a------- c:\program files\common files\ekokeri.com
2009-08-08 19:51 15,506 a------- c:\docume~1\ahansraj\applic~1\tiloma.sys
2009-08-08 19:51 15,225 a------- c:\docume~1\alluse~1\applic~1\dicebif.com
2009-08-08 19:51 15,063 a------- c:\windows\olakyfas.ban
2009-08-08 19:51 15,017 a------- c:\docume~1\ahansraj\applic~1\amurocyvit.bat
2009-08-08 19:51 14,594 a------- c:\windows\system32\zyzo.scr
2009-08-08 19:51 13,106 a------- c:\windows\woti.scr
2009-08-08 19:51 12,666 a------- c:\windows\system32\zokyco.pif
2009-08-08 19:51 12,647 a------- c:\windows\system32\buratig.scr
2009-08-08 19:51 11,134 a------- c:\windows\kibazix.bat
2009-08-08 19:51 10,909 a------- c:\program files\common files\ilytod.reg
2009-08-08 19:51 10,240 a------- c:\windows\system32\nezykowu.db
2009-08-08 19:19 347,020 a------- c:\windows\system32\_scui.cpl
2009-08-08 19:14 10,240 a------- c:\windows\braviax.exe
2009-08-08 19:14 6,144 a------- c:\windows\system32\cru629.dat
2009-08-08 19:14 6,144 a------- c:\windows\cru629.dat
2009-08-08 19:13 190,460 a------- c:\windows\system32\wisdstr.exe
2009-08-08 19:13 28,160 a------- c:\windows\system32\dllcache\beep.sys
2009-08-08 19:13 10,240 a------- c:\windows\system32\braviax.exe
2009-08-08 18:55 151,040 a------- c:\windows\msa.exe
2009-08-08 18:53 208,900 a------- c:\windows\system32\msxml71.dll
2009-08-06 19:48 1,234,797 a------- c:\windows\system32\xa.tmp

==================== Find3M ====================

2009-08-08 22:15 16,054 a------- c:\program files\common files\apuwereve.lib
2009-08-08 21:09 28,160 a------- c:\windows\system32\drivers\beep.sys
2009-08-08 19:51 12,555 a------- c:\program files\common files\zaliham.dl
2009-08-05 18:10 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-18 17:20 1,506,304 a------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-18 17:20 3,062,272 -------- c:\windows\system32\dllcache\mshtml.dll
2009-06-22 12:38 18,432 -------- c:\windows\system32\dllcache\iedw.exe
2009-06-16 15:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 15:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 15:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-03 20:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-03 20:27 1,290,752 -------- c:\windows\system32\dllcache\quartz.dll
2008-12-03 17:21 47,360 a------- c:\docume~1\ahansraj\applic~1\pcouffin.sys
2006-01-29 22:20 35,376 a------- c:\docume~1\ahansraj\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 22:41:57.53 ===============



#2 Buckeye_Sam

    Malware Expert

Posted 10 August 2009 - 12:28 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 golo


Posted 10 August 2009 - 01:51 PM

hi there Sam...thanks so much for getting back to me so quick

since i switched on my computer this morning, there has been an additional symptom -
random internet explorer windows keep opening up and i then get an error message saying
cannot find '(null)'

i ran the scans you asked for...OTL was fine but midway through the GMER the screen went blue and i got a message
saying - a problem has been detected and windows has been shut down to prevent damage to computer:
DRIVER_IRQL_NOT_LESS_OR_EQUAL
the message then suggested that if the problem re-occurred that disabling bios memory should be considered
(i have NO IDEA what any of that means...haha)

i then restarted the computer and re-ran the GMER scan...on completion a message was displayed:
WARNING! GMER HAS FOUND SYSTEMS MODIFICATIONS CAUSED BY ROOTKIT ACTIVITY

all the results are below

thank you again for all your time and help


OTL logfile created on: 10/08/2009 18:48:04 - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\ahansraj\My Documents\dloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.37 Mb Total Physical Memory | 393.32 Mb Available Physical Memory | 38.43% Memory free
2.40 Gb Paging File | 1.82 Gb Available in Paging File | 75.72% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.44 Gb Total Space | 8.59 Gb Free Space | 12.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 298.02 Gb Total Space | 0.34 Gb Free Space | 0.11% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ALIM
Current User Name: ahansraj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/09/07 16:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 16:08:02 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
PRC - [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2004/09/07 16:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/06/13 11:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/09/07 16:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2009/06/09 13:55:19 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2004/09/07 16:03:40 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/02/25 10:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2008/10/01 14:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/12/16 03:02:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2009/05/26 18:38:02 | 00,648,424 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2004/09/07 16:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe
PRC - [2009/02/06 17:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 14:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2008/12/16 03:02:23 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/05/12 21:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005/03/04 11:26:08 | 00,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2005/02/23 16:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/02/16 14:04:36 | 00,147,456 | ---- | M] (AOL Spyware Protection) -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/09/15 01:01:00 | 00,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/06/07 00:46:24 | 00,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2006/04/26 08:29:50 | 00,237,568 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2008/09/06 16:09:14 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2008/10/01 19:57:12 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2006/04/12 11:36:56 | 00,176,640 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/01/19 13:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
PRC - [2007/09/09 18:14:44 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/26 01:28:26 | 03,558,648 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2009/08/09 10:33:37 | 00,022,532 | -H-- | M] () -- C:\Documents and Settings\ahansraj\Local Settings\temp\login.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2008/10/01 19:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2004/08/04 05:00:00 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
PRC - [2009/08/06 13:36:20 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2004/08/04 05:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/08/10 18:47:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ahansraj\My Documents\dloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/09 13:55:19 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/08/05 18:10:44 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [On_Demand | Stopped])
SRV - [2004/02/25 10:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2008/10/01 14:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2004/09/07 16:02:40 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2007/02/01 02:27:07 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 05:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/10/01 19:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/12/16 03:02:23 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/06/29 19:16:56 | 00,800,040 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService [On_Demand | Stopped])
SRV - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2007/06/27 19:04:00 | 00,279,848 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService [Disabled | Stopped])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/26 18:38:02 | 00,648,424 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService [Auto | Running])
SRV - [2004/09/07 16:02:04 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2004/09/07 16:05:10 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2006/04/12 11:36:56 | 00,176,640 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2005/01/14 09:32:38 | 00,053,248 | ---- | M] () -- C:\WINDOWS\System32\PAStiSvc.exe -- (STI Simulator [Auto | Running])
SRV - [2007/01/19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])
SRV - [2004/09/07 16:12:32 | 00,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005/09/29 21:14:10 | 00,017,056 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2005/02/23 14:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc [On_Demand | Running])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2004/11/16 16:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2004/08/18 14:53:54 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2005/05/13 02:46:20 | 01,132,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/08/05 18:10:45 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/04/28 00:38:02 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2004/05/26 20:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2009/08/09 10:18:10 | 00,028,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys -- (Beep [System | Running])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2004/06/17 20:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
DRV - [2004/06/17 20:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2004/08/12 08:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\iwca.sys -- (IWCA [On_Demand | Running])
DRV - [2004/03/17 18:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2007/02/22 12:15:56 | 00,137,216 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcd.sys -- (nmwcd [On_Demand | Stopped])
DRV - [2007/02/22 12:15:14 | 00,008,320 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdc.sys -- (nmwcdc [On_Demand | Stopped])
DRV - [2007/02/22 12:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys -- (nmwcdcj [On_Demand | Stopped])
DRV - [2007/02/22 12:15:14 | 00,012,288 | ---- | M] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys -- (nmwcdcm [On_Demand | Stopped])
DRV - [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2004/02/13 16:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2008/12/03 17:21:31 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2009/05/26 18:38:10 | 00,057,320 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL [System | Running])
DRV - [2009/05/26 18:38:10 | 00,238,952 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG [System | Running])
DRV - [2004/08/31 08:53:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2009/06/09 13:55:19 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2005/03/10 22:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/10/01 14:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2005/10/21 02:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2004/10/21 20:56:04 | 03,210,496 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
DRV - [2004/06/17 20:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-760722993-256700806-2550827304-1006\S-1-5-21-760722993-256700806-2550827304-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-760722993-256700806-2550827304-1006\S-1-5-21-760722993-256700806-2550827304-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?zx=1pgsay1bayy1s&shva=1#inbox|http://www.facebook.com/login.php|http://katz.cd/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:2.03
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.0.2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:2.20090109
FF - prefs.js..extensions.enabledItems: {bdf8fec0-4c8b-11dd-ae16-0800200c9a66}:1.4
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:2.95
FF - prefs.js..network.proxy.autoconfig_url: "http://wpac.cf.ac.uk/resicache.pac"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/06 13:36:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/06 13:36:27 | 00,000,000 | ---D | M]

[2008/11/18 23:26:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Extensions
[2008/11/18 23:26:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/08 20:32:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions
[2007/05/14 02:43:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\{082b6fe0-310a-11db-a98b-0800200c9a66}
[2008/12/11 12:39:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/18 23:45:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2008/11/18 23:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2007/05/14 02:14:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2008/05/02 17:01:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2008/11/19 00:34:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\{bdf8fec0-4c8b-11dd-ae16-0800200c9a66}
[2009/08/03 18:17:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2009/01/14 12:22:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2008/11/18 23:53:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/05/26 12:27:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\firefox@tvunetworks.com
[2008/12/30 13:36:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\redshift_V2@shift-themes.com
[2009/05/26 12:27:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\ahansraj\Application Data\mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\searchrecs@veoh.com
[2008/07/02 00:18:39 | 00,001,712 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\Mozilla\FireFox\Profiles\4vvl8h6s.default\searchplugins\ask.xml
[2007/05/14 02:25:06 | 00,002,520 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\Mozilla\FireFox\Profiles\4vvl8h6s.default\searchplugins\mozilla-add-ons.xml
[2008/07/02 00:18:39 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\Mozilla\FireFox\Profiles\4vvl8h6s.default\searchplugins\wikipedia.xml
[2007/05/14 02:14:17 | 00,001,437 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\Mozilla\FireFox\Profiles\4vvl8h6s.default\searchplugins\yanswers.xml
[2009/08/08 20:32:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/05/14 02:13:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/06 13:36:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006/04/04 15:02:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{AF8637B0-18E3-44D3-86B7-55E09D9C4261}
[2007/04/17 17:42:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/10/15 19:11:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/16 14:04:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/19 16:53:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/16 03:02:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/08/06 13:36:20 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/06 13:36:20 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2006/05/06 17:42:04 | 07,260,160 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\libvlc.dll
[2007/08/07 14:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2008/01/23 07:20:30 | 00,491,520 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2008/12/16 03:02:23 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/12/19 02:58:04 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2002/09/13 16:42:42 | 00,077,824 | ---- | M] (XMLAuthor Inc.) -- C:\Program Files\mozilla firefox\plugins\npmirage.dll
[2009/08/06 13:36:22 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2003/07/14 22:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2008/03/27 00:54:57 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/11/06 00:48:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/06 00:48:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/06 00:48:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/06 00:48:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/06 00:48:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/06 00:48:20 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/06 00:48:21 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/03/27 00:55:50 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/03/27 00:54:28 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2006/05/06 17:42:04 | 00,478,720 | ---- | M] (VideoLAN Team) -- C:\Program Files\mozilla firefox\plugins\npvlc.dll
[2008/12/19 05:54:11 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/19 05:54:11 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/19 05:54:12 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/19 05:54:12 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/19 05:54:12 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/19 05:54:12 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/19 05:54:12 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\hs7f3uhduhfukde.dll) - {BD56A320-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\System32\hs7f3uhduhfukde.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson ResearchSoft)
O3 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\System32\ieframe.dll File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe (AOL Spyware Protection)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PC Antispyware 2010] C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe ()
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [muredehaso] C:\WINDOWS\System32\zutibeki.DLL File not found
O4 - HKU\S-1-5-20..\Run: [muredehaso] C:\WINDOWS\System32\zutibeki.DLL File not found
O4 - HKU\S-1-5-21-760722993-256700806-2550827304-1006..\Run: [braviax] C:\WINDOWS\System32\braviax.exe ()
O4 - HKU\S-1-5-21-760722993-256700806-2550827304-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-760722993-256700806-2550827304-1006..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-760722993-256700806-2550827304-1006..\Run: [Monopod] C:\Documents and Settings\ahansraj\Local Settings\temp\b.exe ()
O4 - HKU\S-1-5-21-760722993-256700806-2550827304-1006..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-760722993-256700806-2550827304-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-760722993-256700806-2550827304-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-760722993-256700806-2550827304-1006..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-760722993-256700806-2550827304-1006..\Run: [Windows System Recover!] C:\Documents and Settings\ahansraj\Local Settings\temp\login.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: WizmaxBackup_NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceClassicControlPanel = 1
O7 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-760722993-256700806-2550827304-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
O15 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
O15 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\..Trusted Domains: Windowsupdate.com ([Download] http in Trusted sites)
O15 - HKU\S-1-5-21-760722993-256700806-2550827304-1006\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab (StagingUI Object)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shock...are/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/3...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab (ZonePAChat Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/binframework/v10/StProxy.cab55579.cab (MSN Games – Game Communicator)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-internet-signup - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (cru629.datCorporatio) - C:\WINDOWS\System32\cru629.dat ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe [FILE handle not seen by OS]
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O22 - SharedTaskScheduler: {BD56A320-23F2-42AD-F4E4-00AAC39CAA53} - LKMSFOIVAMFOMSFVIOSVJASIUENFJNDJV - C:\WINDOWS\System32\hs7f3uhduhfukde.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7a3a452f-204b-11de-bd03-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3a452f-204b-11de-bd03-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a3a452f-204b-11de-bd03-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9baeb90a-b7c4-11dd-bc78-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{9baeb90a-b7c4-11dd-bc78-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9baeb90a-b7c4-11dd-bc78-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/10 13:40:21 | 00,015,052 | ---- | C] () -- C:\WINDOWS\nahozec._sy
[2009/08/09 10:39:44 | 00,019,648 | ---- | C] () -- C:\WINDOWS\System32\oruq.ban
[2009/08/09 10:39:44 | 00,018,810 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\yraxytupik.pif
[2009/08/09 10:39:44 | 00,017,760 | ---- | C] () -- C:\Documents and Settings\ahansraj\Application Data\egeparemu.dll
[2009/08/09 10:39:44 | 00,017,534 | ---- | C] () -- C:\Program Files\Common Files\emapewufe.dat
[2009/08/09 10:39:44 | 00,017,420 | ---- | C] () -- C:\WINDOWS\cyhaso.dll
[2009/08/09 10:39:44 | 00,017,418 | ---- | C] () -- C:\Program Files\Common Files\nenipiceb.vbs
[2009/08/09 10:39:44 | 00,017,028 | ---- | C] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\howumuxe.inf
[2009/08/09 10:39:44 | 00,016,751 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\beby.db
[2009/08/09 10:39:44 | 00,015,000 | ---- | C] () -- C:\Documents and Settings\ahansraj\Application Data\ubadew.com
[2009/08/09 10:39:44 | 00,014,925 | ---- | C] () -- C:\WINDOWS\yvycadudoc.inf
[2009/08/09 10:39:44 | 00,014,348 | ---- | C] () -- C:\WINDOWS\System32\hyjyvelazi.bat
[2009/08/09 10:39:44 | 00,014,169 | ---- | C] () -- C:\WINDOWS\sejelobi._dl
[2009/08/09 10:39:44 | 00,013,946 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\odetefyv.sys
[2009/08/09 10:39:44 | 00,013,402 | ---- | C] () -- C:\WINDOWS\kiri.com
[2009/08/09 10:39:44 | 00,013,341 | ---- | C] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\zorevypape.sys
[2009/08/09 10:39:44 | 00,012,774 | ---- | C] () -- C:\Program Files\Common Files\fybofypu.com
[2009/08/09 10:39:44 | 00,012,241 | ---- | C] () -- C:\WINDOWS\ezyl.lib
[2009/08/09 10:39:44 | 00,011,608 | ---- | C] () -- C:\WINDOWS\System32\joqogyziz.exe
[2009/08/09 10:39:44 | 00,011,478 | ---- | C] () -- C:\WINDOWS\udikosenu.pif
[2009/08/09 10:39:44 | 00,011,019 | ---- | C] () -- C:\WINDOWS\boceke.pif
[2009/08/09 10:39:44 | 00,010,007 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rehubukika.sys
[2009/08/09 01:04:54 | 00,000,046 | ---- | C] () -- C:\p2hhr.bat
[2009/08/09 01:03:47 | 00,000,000 | ---- | C] () -- C:\-1395157542
[2009/08/09 01:03:14 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\hs7f3uhduhfukde.dll
[2009/08/08 22:15:13 | 00,019,980 | ---- | C] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\vizitegora._dl
[2009/08/08 22:15:13 | 00,019,906 | ---- | C] () -- C:\Documents and Settings\ahansraj\Application Data\kiza._sy
[2009/08/08 22:15:13 | 00,019,712 | ---- | C] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\xaqupuw.exe
[2009/08/08 22:15:13 | 00,018,653 | ---- | C] () -- C:\Program Files\Common Files\xikocadose.exe
[2009/08/08 22:15:13 | 00,017,750 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ylynylyp.lib
[2009/08/08 22:15:13 | 00,016,786 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\hiqozageq.pif
[2009/08/08 22:15:13 | 00,016,280 | ---- | C] () -- C:\WINDOWS\ivyr.lib
[2009/08/08 22:15:13 | 00,016,054 | ---- | C] () -- C:\Program Files\Common Files\apuwereve.lib
[2009/08/08 22:15:13 | 00,015,605 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\jufuqyhocy.com
[2009/08/08 22:15:13 | 00,015,195 | ---- | C] () -- C:\WINDOWS\gofe.bin
[2009/08/08 22:15:13 | 00,014,623 | ---- | C] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\efekow.bin
[2009/08/08 22:15:13 | 00,014,181 | ---- | C] () -- C:\Documents and Settings\ahansraj\Application Data\cedyqijepi.ban
[2009/08/08 22:15:13 | 00,011,091 | ---- | C] () -- C:\WINDOWS\aqutoju._dl
[2009/08/08 22:15:13 | 00,010,805 | ---- | C] () -- C:\Documents and Settings\ahansraj\Application Data\gofi.bin
[2009/08/08 21:23:04 | 00,001,686 | ---- | C] () -- C:\Documents and Settings\ahansraj\Desktop\PC_Antispyware2010.lnk
[2009/08/08 21:23:01 | 00,000,000 | ---D | C] -- C:\Program Files\PC_Antispyware2010
[2009/08/08 21:09:19 | 00,091,136 | ---- | C] () -- C:\hcel.exe
[2009/08/08 20:57:43 | 03,942,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ahansraj\Desktop\mbam-setup.exe
[2009/08/08 20:06:27 | 10,731,52000 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/08 19:51:08 | 00,019,125 | ---- | C] () -- C:\WINDOWS\obeqarode.scr
[2009/08/08 19:51:08 | 00,018,561 | ---- | C] () -- C:\WINDOWS\akilano.reg
[2009/08/08 19:51:08 | 00,017,908 | ---- | C] () -- C:\Documents and Settings\ahansraj\Application Data\vyheq.dat
[2009/08/08 19:51:08 | 00,017,610 | ---- | C] () -- C:\WINDOWS\fesapyme.ban
[2009/08/08 19:51:08 | 00,017,477 | ---- | C] () -- C:\WINDOWS\System32\tavic.com
[2009/08/08 19:51:08 | 00,017,186 | ---- | C] () -- C:\Program Files\Common Files\ytenu.vbs
[2009/08/08 19:51:08 | 00,015,629 | ---- | C] () -- C:\Program Files\Common Files\ekokeri.com
[2009/08/08 19:51:08 | 00,015,506 | ---- | C] () -- C:\Documents and Settings\ahansraj\Application Data\tiloma.sys
[2009/08/08 19:51:08 | 00,015,225 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dicebif.com
[2009/08/08 19:51:08 | 00,015,063 | ---- | C] () -- C:\WINDOWS\olakyfas.ban
[2009/08/08 19:51:08 | 00,015,017 | ---- | C] () -- C:\Documents and Settings\ahansraj\Application Data\amurocyvit.bat
[2009/08/08 19:51:08 | 00,014,594 | ---- | C] () -- C:\WINDOWS\System32\zyzo.scr
[2009/08/08 19:51:08 | 00,013,516 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\ymypufuto.bat
[2009/08/08 19:51:08 | 00,013,106 | ---- | C] () -- C:\WINDOWS\woti.scr
[2009/08/08 19:51:08 | 00,012,666 | ---- | C] () -- C:\WINDOWS\System32\zokyco.pif
[2009/08/08 19:51:08 | 00,012,647 | ---- | C] () -- C:\WINDOWS\System32\buratig.scr
[2009/08/08 19:51:08 | 00,012,555 | ---- | C] () -- C:\Program Files\Common Files\zaliham.dl
[2009/08/08 19:51:08 | 00,011,134 | ---- | C] () -- C:\WINDOWS\kibazix.bat
[2009/08/08 19:51:08 | 00,010,909 | ---- | C] () -- C:\Program Files\Common Files\ilytod.reg
[2009/08/08 19:51:08 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\nezykowu.db
[2009/08/08 19:51:08 | 00,010,082 | ---- | C] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\akykex.dl
[2009/08/08 19:19:32 | 00,347,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\_scui.cpl
[2009/08/08 19:14:49 | 00,010,240 | ---- | C] () -- C:\WINDOWS\braviax.exe
[2009/08/08 19:14:49 | 00,006,144 | ---- | C] () -- C:\WINDOWS\System32\cru629.dat
[2009/08/08 19:14:49 | 00,006,144 | ---- | C] () -- C:\WINDOWS\cru629.dat
[2009/08/08 19:13:12 | 00,190,460 | ---- | C] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/08 19:13:09 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/08 19:13:09 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/08 18:56:12 | 00,000,198 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/08 18:55:48 | 00,151,040 | ---- | C] () -- C:\WINDOWS\msa.exe
[2009/08/08 18:54:20 | 00,000,290 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/08/08 18:53:49 | 00,208,900 | ---- | C] () -- C:\WINDOWS\System32\msxml71.dll
[2008/07/20 00:49:45 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/05/24 00:43:52 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/05/24 00:43:52 | 00,007,196 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AAC.ini
[2008/05/24 00:43:52 | 00,006,490 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PSP.ini
[2008/05/24 00:43:52 | 00,005,028 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP2_AAC.ini
[2008/05/24 00:43:52 | 00,004,296 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Zune.ini
[2008/05/24 00:43:52 | 00,003,045 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPod.ini
[2008/05/24 00:43:52 | 00,002,956 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PMP.ini
[2008/05/24 00:43:52 | 00,002,910 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_3GP_AMR.ini
[2008/05/24 00:43:52 | 00,002,516 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_PPC.ini
[2008/05/24 00:43:52 | 00,002,175 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_iPhone.ini
[2008/05/24 00:43:52 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QVGA_AAC.ini
[2008/05/24 00:43:52 | 00,001,964 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP2_QCIF_AAC.ini
[2008/05/24 00:43:52 | 00,001,878 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_Xbox.ini
[2008/05/24 00:43:52 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AAC.ini
[2008/05/24 00:43:52 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AMR.ini
[2008/05/24 00:43:52 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QCIF_AAC.ini
[2008/05/24 00:43:52 | 00,001,739 | ---- | C] () -- C:\WINDOWS\System32\INI_Pro_AppleTV.ini
[2008/05/24 00:43:52 | 00,000,036 | ---- | C] () -- C:\WINDOWS\System32\INI_Add_mfra.ini
[2008/05/24 00:43:51 | 00,001,814 | ---- | C] () -- C:\WINDOWS\System32\INI_QT_3GPP_QVGA_AMR.ini
[2008/05/24 00:43:45 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/02/06 02:33:38 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/10/18 18:40:08 | 00,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2006/12/19 00:29:52 | 00,479,232 | ---- | C] () -- C:\WINDOWS\System32\MusicCitydll2.dll
[2006/10/07 22:46:23 | 00,299,008 | ---- | C] () -- C:\WINDOWS\System32\LAME_MP3.dll
[2006/10/07 22:41:55 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2006/10/07 22:41:55 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2006/10/07 22:41:55 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2006/10/07 22:41:55 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2006/04/01 00:48:02 | 00,000,728 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/02/01 02:13:21 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/01/06 17:34:58 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/12/07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005/11/07 16:22:08 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/11/02 01:05:13 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/31 22:08:13 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/10/31 21:59:26 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\impborl.dll
[2005/09/29 21:32:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/29 21:23:58 | 00,000,313 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/29 20:52:42 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/09/29 20:51:56 | 00,000,401 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 17:04:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/25 15:15:42 | 00,010,240 | R--- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004/08/12 08:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 13:12:05 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:51:28 | 00,000,973 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 12:51:26 | 00,000,256 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/10 12:50:54 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\beep.sys
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/10 16:10:05 | 00,495,616 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[1996/02/23 20:34:48 | 00,014,629 | ---- | C] () -- C:\WINDOWS\System32\declw.dll
[1996/02/22 18:09:20 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\decln.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[20 C:\WINDOWS\System32\*.tmp files]
[2009/08/10 18:09:24 | 00,000,290 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/08/10 18:09:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/10 18:09:01 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/10 18:08:58 | 10,731,52000 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/10 18:08:49 | 00,010,240 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/10 18:08:49 | 00,010,240 | ---- | M] () -- C:\WINDOWS\braviax.exe
[2009/08/10 18:08:49 | 00,006,144 | ---- | M] () -- C:\WINDOWS\System32\cru629.dat
[2009/08/10 18:08:49 | 00,006,144 | ---- | M] () -- C:\WINDOWS\cru629.dat
[2009/08/10 14:00:00 | 00,000,198 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/10 13:40:21 | 00,015,052 | ---- | M] () -- C:\WINDOWS\nahozec._sy
[2009/08/09 10:39:44 | 00,019,648 | ---- | M] () -- C:\WINDOWS\System32\oruq.ban
[2009/08/09 10:39:44 | 00,018,810 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\yraxytupik.pif
[2009/08/09 10:39:44 | 00,017,760 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\egeparemu.dll
[2009/08/09 10:39:44 | 00,017,534 | ---- | M] () -- C:\Program Files\Common Files\emapewufe.dat
[2009/08/09 10:39:44 | 00,017,420 | ---- | M] () -- C:\WINDOWS\cyhaso.dll
[2009/08/09 10:39:44 | 00,017,418 | ---- | M] () -- C:\Program Files\Common Files\nenipiceb.vbs
[2009/08/09 10:39:44 | 00,017,028 | ---- | M] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\howumuxe.inf
[2009/08/09 10:39:44 | 00,016,751 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\beby.db
[2009/08/09 10:39:44 | 00,015,000 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\ubadew.com
[2009/08/09 10:39:44 | 00,014,925 | ---- | M] () -- C:\WINDOWS\yvycadudoc.inf
[2009/08/09 10:39:44 | 00,014,348 | ---- | M] () -- C:\WINDOWS\System32\hyjyvelazi.bat
[2009/08/09 10:39:44 | 00,014,169 | ---- | M] () -- C:\WINDOWS\sejelobi._dl
[2009/08/09 10:39:44 | 00,013,946 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\odetefyv.sys
[2009/08/09 10:39:44 | 00,013,402 | ---- | M] () -- C:\WINDOWS\kiri.com
[2009/08/09 10:39:44 | 00,013,341 | ---- | M] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\zorevypape.sys
[2009/08/09 10:39:44 | 00,012,774 | ---- | M] () -- C:\Program Files\Common Files\fybofypu.com
[2009/08/09 10:39:44 | 00,012,241 | ---- | M] () -- C:\WINDOWS\ezyl.lib
[2009/08/09 10:39:44 | 00,011,608 | ---- | M] () -- C:\WINDOWS\System32\joqogyziz.exe
[2009/08/09 10:39:44 | 00,011,478 | ---- | M] () -- C:\WINDOWS\udikosenu.pif
[2009/08/09 10:39:44 | 00,011,019 | ---- | M] () -- C:\WINDOWS\boceke.pif
[2009/08/09 10:39:44 | 00,010,007 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rehubukika.sys
[2009/08/09 10:39:12 | 00,001,686 | ---- | M] () -- C:\Documents and Settings\ahansraj\Desktop\PC_Antispyware2010.lnk
[2009/08/09 10:18:13 | 00,190,460 | ---- | M] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/09 10:18:10 | 00,028,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\beep.sys
[2009/08/09 10:18:10 | 00,028,160 | ---- | M] () -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/09 02:16:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/08/09 01:04:54 | 00,000,046 | ---- | M] () -- C:\p2hhr.bat
[2009/08/09 01:03:47 | 00,000,000 | ---- | M] () -- C:\-1395157542
[2009/08/09 01:03:14 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\hs7f3uhduhfukde.dll
[2009/08/09 01:03:10 | 00,091,136 | ---- | M] () -- C:\hcel.exe
[2009/08/08 22:15:13 | 00,019,980 | ---- | M] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\vizitegora._dl
[2009/08/08 22:15:13 | 00,019,906 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\kiza._sy
[2009/08/08 22:15:13 | 00,019,712 | ---- | M] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\xaqupuw.exe
[2009/08/08 22:15:13 | 00,018,653 | ---- | M] () -- C:\Program Files\Common Files\xikocadose.exe
[2009/08/08 22:15:13 | 00,017,750 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ylynylyp.lib
[2009/08/08 22:15:13 | 00,016,786 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\hiqozageq.pif
[2009/08/08 22:15:13 | 00,016,280 | ---- | M] () -- C:\WINDOWS\ivyr.lib
[2009/08/08 22:15:13 | 00,016,054 | ---- | M] () -- C:\Program Files\Common Files\apuwereve.lib
[2009/08/08 22:15:13 | 00,015,605 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\jufuqyhocy.com
[2009/08/08 22:15:13 | 00,015,195 | ---- | M] () -- C:\WINDOWS\gofe.bin
[2009/08/08 22:15:13 | 00,014,623 | ---- | M] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\efekow.bin
[2009/08/08 22:15:13 | 00,014,181 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\cedyqijepi.ban
[2009/08/08 22:15:13 | 00,011,091 | ---- | M] () -- C:\WINDOWS\aqutoju._dl
[2009/08/08 22:15:13 | 00,010,805 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\gofi.bin
[2009/08/08 22:13:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/08 20:57:53 | 03,942,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ahansraj\Desktop\mbam-setup.exe
[2009/08/08 19:51:08 | 00,019,125 | ---- | M] () -- C:\WINDOWS\obeqarode.scr
[2009/08/08 19:51:08 | 00,018,561 | ---- | M] () -- C:\WINDOWS\akilano.reg
[2009/08/08 19:51:08 | 00,017,908 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\vyheq.dat
[2009/08/08 19:51:08 | 00,017,610 | ---- | M] () -- C:\WINDOWS\fesapyme.ban
[2009/08/08 19:51:08 | 00,017,477 | ---- | M] () -- C:\WINDOWS\System32\tavic.com
[2009/08/08 19:51:08 | 00,017,186 | ---- | M] () -- C:\Program Files\Common Files\ytenu.vbs
[2009/08/08 19:51:08 | 00,015,629 | ---- | M] () -- C:\Program Files\Common Files\ekokeri.com
[2009/08/08 19:51:08 | 00,015,506 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\tiloma.sys
[2009/08/08 19:51:08 | 00,015,225 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\dicebif.com
[2009/08/08 19:51:08 | 00,015,063 | ---- | M] () -- C:\WINDOWS\olakyfas.ban
[2009/08/08 19:51:08 | 00,015,017 | ---- | M] () -- C:\Documents and Settings\ahansraj\Application Data\amurocyvit.bat
[2009/08/08 19:51:08 | 00,014,594 | ---- | M] () -- C:\WINDOWS\System32\zyzo.scr
[2009/08/08 19:51:08 | 00,013,516 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\ymypufuto.bat
[2009/08/08 19:51:08 | 00,013,106 | ---- | M] () -- C:\WINDOWS\woti.scr
[2009/08/08 19:51:08 | 00,012,666 | ---- | M] () -- C:\WINDOWS\System32\zokyco.pif
[2009/08/08 19:51:08 | 00,012,647 | ---- | M] () -- C:\WINDOWS\System32\buratig.scr
[2009/08/08 19:51:08 | 00,012,555 | ---- | M] () -- C:\Program Files\Common Files\zaliham.dl
[2009/08/08 19:51:08 | 00,011,134 | ---- | M] () -- C:\WINDOWS\kibazix.bat
[2009/08/08 19:51:08 | 00,010,909 | ---- | M] () -- C:\Program Files\Common Files\ilytod.reg
[2009/08/08 19:51:08 | 00,010,240 | ---- | M] () -- C:\WINDOWS\System32\nezykowu.db
[2009/08/08 19:51:08 | 00,010,082 | ---- | M] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\akykex.dl
[2009/08/08 18:53:54 | 00,151,040 | ---- | M] () -- C:\WINDOWS\msa.exe
[2009/08/08 18:53:49 | 00,208,900 | ---- | M] () -- C:\WINDOWS\System32\msxml71.dll
[2009/08/08 15:28:50 | 00,347,020 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\_scui.cpl
[2009/08/08 15:12:44 | 00,000,583 | ---- | M] () -- C:\Documents and Settings\ahansraj\My Documents\My Sharing Folders.lnk
[2009/08/05 19:02:35 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/05 18:10:45 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/08/04 08:50:33 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\ahansraj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 03:45:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/30 15:45:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/18 17:20:31 | 03,062,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/18 17:20:31 | 03,062,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/18 17:20:31 | 01,506,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll
[2009/07/18 17:20:31 | 01,506,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
< End of report >

OTL Extras logfile created on: 10/08/2009 18:48:04 - Run 1
OTL by OldTimer - Version 3.0.10.5 Folder = C:\Documents and Settings\ahansraj\My Documents\dloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.37 Mb Total Physical Memory | 393.32 Mb Available Physical Memory | 38.43% Memory free
2.40 Gb Paging File | 1.82 Gb Available in Paging File | 75.72% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.44 Gb Total Space | 8.59 Gb Free Space | 12.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 298.02 Gb Total Space | 0.34 Gb Free Space | 0.11% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: ALIM
Current User Name: ahansraj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"16105:TCP" = 16105:TCP:*:Enabled:BitComet 16105 TCP
"16105:UDP" = 16105:UDP:*:Enabled:BitComet 16105 UDP
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- File not found
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOLacsd -- (America Online, Inc.)
"C:\Program Files\Java\jre6\bin\jusched.exe" = C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:jusched -- (Sun Microsystems, Inc.)
"C:\Program Files\Windows Defender\MSASCui.exe" = C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:MSASCui -- (Microsoft Corporation)
"C:\Program Files\Apoint\Apoint.exe" = C:\Program Files\Apoint\Apoint.exe:*:Enabled:Apoint -- (Alps Electric Co., Ltd.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}" = Nokia N73 highlights
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web 2.4
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{508FA22B-AFFC-46CD-9441-2567976574A4}" = Nokia PC Suite
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{588AA47B-9115-44D3-B2E5-4F10BC659D6C}" = Nokia PC Connectivity Solution
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59359B3D-ABE7-46BF-AB55-43B67A64DC68}" = Nokia MTP driver
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E30715-9EC4-4DAE-BE67-64500AEB8012}" = Nokia Nseries Skin for Microsoft Windows Media Player
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.0.96
"{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}" = Nokia themes for your device
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F185C48-595B-401A-A1D6-AAB324890DC4}" = GiPo@MoveOnBoot 1.9.5
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7AC5A96-C8BC-431C-B661-27A09781DFA8}" = Wanadoo Europe Installer
"{BCCC3103-466C-41FA-A162-79E0CC7E9337}" = ArcSoft WebCam Companion
"{C19BE821-89B1-4A96-AC7C-873810C0CB5F}" = ContentSAFER for Wizmax
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EE565795-2776-415A-B31C-EB3A8D7C6FA4}" = Nokia Lifeblog 2.1
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F652D238-5F29-42D5-BAF3-0115EF977EC2}" = Windows Live Sign-in Assistant
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"010D072E91408D6B7C6FC65489B6D30C027605F5" = Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2005
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"America Online uk" = AOL UK (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Spyware Protection" = AOL Spyware Protection
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040201.2 uk)
"Apex Video Converter Super_is1" = Apex Video Converter Super 6.59
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitComet" = BitComet 1.00
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"DC++" = DC++ 0.674
"FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1" = FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0622
"Glary Registry Repair_is1" = Glary Registry Repair 3.0
"hp deskjet 3325 series" = hp deskjet 3325 series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"Lame MP3 Codec (for the ACM)" = Lame ACM MP3 Codec
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC_Antispyware2010" = PC Antispyware 2010
"ProInst" = Intel® PROSet/Wireless Software
"Rapport_is1" = Rapport
"RealPlayer 6.0" = RealPlayer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Skype_is1" = Skype 2.5
"SopCast" = SopCast 3.0.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"TVUPlayer" = TVUPlayer 2.4.1.0
"Van Helsing Screensaver" = Van Helsing Screensaver
"Veoh Web Player Beta" = Veoh Web Player
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.5
"Windows Live Safety scanner" = Windows Live Safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD" = XviD MPEG-4 Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-760722993-256700806-2550827304-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/07/2009 05:36:57 | Computer Name = ALIM | Source = ESENT | ID = 477
Description = Catalog Database (1352) The log range read from the file "C:\WINDOWS\system32\CatRoot2\edb.log"
at offset 10752 (0x0000000000002a00) for 512 (0x00000200) bytes failed verification
due to a range checksum mismatch. The read operation will fail with error -501
(0xfffffe0b). If this condition persists then please restore the logfile from
a previous backup.

Error - 13/07/2009 05:36:57 | Computer Name = ALIM | Source = ESENT | ID = 465
Description = Catalog Database (1352) Corruption was detected during soft recovery
in logfile C:\WINDOWS\system32\CatRoot2\edb.log. The failing checksum record is
located at position 21:114. Data not matching the log-file fill pattern first appeared
in sector 21. This logfile has been damaged and is unusable.

Error - 13/07/2009 05:36:58 | Computer Name = ALIM | Source = ESENT | ID = 477
Description = Catalog Database (1352) The log range read from the file "C:\WINDOWS\system32\CatRoot2\edb.log"
at offset 10752 (0x0000000000002a00) for 512 (0x00000200) bytes failed verification
due to a range checksum mismatch. The read operation will fail with error -501
(0xfffffe0b). If this condition persists then please restore the logfile from
a previous backup.

Error - 13/07/2009 05:36:58 | Computer Name = ALIM | Source = ESENT | ID = 465
Description = Catalog Database (1352) Corruption was detected during soft recovery
in logfile C:\WINDOWS\system32\CatRoot2\edb.log. The failing checksum record is
located at position 21:114. Data not matching the log-file fill pattern first appeared
in sector 21. This logfile has been damaged and is unusable.

Error - 13/07/2009 05:36:58 | Computer Name = ALIM | Source = ESENT | ID = 477
Description = Catalog Database (1352) The log range read from the file "C:\WINDOWS\system32\CatRoot2\edb.log"
at offset 10752 (0x0000000000002a00) for 512 (0x00000200) bytes failed verification
due to a range checksum mismatch. The read operation will fail with error -501
(0xfffffe0b). If this condition persists then please restore the logfile from
a previous backup.

Error - 13/07/2009 05:36:58 | Computer Name = ALIM | Source = ESENT | ID = 465
Description = Catalog Database (1352) Corruption was detected during soft recovery
in logfile C:\WINDOWS\system32\CatRoot2\edb.log. The failing checksum record is
located at position 21:114. Data not matching the log-file fill pattern first appeared
in sector 21. This logfile has been damaged and is unusable.

Error - 13/07/2009 05:37:00 | Computer Name = ALIM | Source = ESENT | ID = 454
Description = Catalog Database (1352) Database recovery/restore failed with unexpected
error -501.

Error - 19/07/2009 09:19:42 | Computer Name = ALIM | Source = Application Hang | ID = 1002
Description = Hanging application WinRAR.exe, version 3.51.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 30/07/2009 23:04:40 | Computer Name = ALIM | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 09/08/2009 05:18:05 | Computer Name = ALIM | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module sb.dll, version 9.0.0.1, fault address 0x00006948.

[ System Events ]
Error - 10/08/2009 13:09:25 | Computer Name = ALIM | Source = Service Control Manager | ID = 7000
Description = The Windows Defender service failed to start due to the following
error: %%1053

Error - 10/08/2009 13:09:25 | Computer Name = ALIM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Print Spooler service
to connect.

Error - 10/08/2009 13:09:25 | Computer Name = ALIM | Source = Service Control Manager | ID = 7000
Description = The Print Spooler service failed to start due to the following error:
%%1053

Error - 10/08/2009 13:09:25 | Computer Name = ALIM | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1058

Error - 10/08/2009 13:09:25 | Computer Name = ALIM | Source = Service Control Manager | ID = 7001
Description = The Fax service depends on the Print Spooler service which failed
to start because of the following error: %%1053

Error - 10/08/2009 13:10:45 | Computer Name = ALIM | Source = Service Control Manager | ID = 7022
Description = The Rapport Management Service service hung on starting.

Error - 10/08/2009 13:13:57 | Computer Name = ALIM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 10/08/2009 13:14:23 | Computer Name = ALIM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 10/08/2009 13:14:48 | Computer Name = ALIM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.

Error - 10/08/2009 13:15:02 | Computer Name = ALIM | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk0\D.


< End of report >

#4 golo

Posted 10 August 2009 - 01:53 PM

GMER 1.0.15.15020 [pzn1mdsu.exe] - http://www.gmer.net
Rootkit scan 2009-08-10 19:52:38
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 86E0FE08 ZwEnumerateKey
Code 86EE1FD8 ZwFlushInstructionCache
Code 86E0F00E IofCallDriver
Code 86E10266 IofCompleteRequest
Code 86F172AD ZwSaveKey
Code 86EDC2ED ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE00A 5 Bytes JMP 86E0F013
.text ntkrnlpa.exe!IofCompleteRequest 804EE09A 5 Bytes JMP 86E1026B
.text ntkrnlpa.exe!ZwSaveKey 804FE48C 5 Bytes JMP 86F172B2
.text ntkrnlpa.exe!ZwSaveKeyEx 804FE4A0 5 Bytes JMP 86EDC2F2
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805AAC4A 5 Bytes JMP 86EE1FDC
PAGE ntkrnlpa.exe!ZwEnumerateKey 80619770 5 Bytes JMP 86E0FE0C

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[188] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 013D000A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[188] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 013E000A
.text C:\Program Files\MSN Messenger\msnmsgr.exe[188] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00E0000A
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00E1000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 0040BD60 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C4000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C5000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 716C000A
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] USER32.dll!CallMsgFilterW + 21D 7E42DBC9 6 Bytes JMP 00431630 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 71680022
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BF000A
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C0000A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0095000A
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0096000A
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00D6000A
.text C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00D7000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0095000A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0096000A
.text C:\WINDOWS\System32\PAStiSvc.exe[800] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\PAStiSvc.exe[800] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0094000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[892] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[892] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 009B000A
.text C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BF000A
.text C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\winlogon.exe[992] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 007B000A
.text C:\WINDOWS\system32\winlogon.exe[992] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 007C000A
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\services.exe[1036] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\lsass.exe[1056] ntdll.dll!LdrLoadDll 7C915CBB 3 Bytes JMP 0092000A
.text C:\WINDOWS\system32\lsass.exe[1056] ntdll.dll!LdrLoadDll + 4 7C915CBF 1 Byte [84]
.text C:\WINDOWS\system32\lsass.exe[1056] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1220] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1220] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BF000A
.text C:\WINDOWS\System32\alg.exe[1376] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0094000A
.text C:\WINDOWS\System32\alg.exe[1376] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0095000A
.text C:\WINDOWS\system32\spoolsv.exe[1448] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\spoolsv.exe[1448] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BD000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1604] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00DD000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1604] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00E1000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1604] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100127E0
.text C:\Program Files\Mozilla Firefox\firefox.exe[1604] WS2_32.dll!send 71AB428A 5 Bytes JMP 100127C0
.text C:\Program Files\Mozilla Firefox\firefox.exe[1604] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100129A0
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1648] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00E6000A
.text C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe[1648] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00E7000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1696] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BF000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0097000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1704] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0098000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1760] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C9000A
.text C:\Program Files\Digital Line Detect\DLG.exe[1760] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00CA000A
.text C:\WINDOWS\Explorer.EXE[1772] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[1772] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C4000A
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C1000A
.text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C2000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1824] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00CE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1824] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00CF000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1824] WININET.dll!HttpAddRequestHeadersA 771C40A2 5 Bytes JMP 00DA000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1824] WININET.dll!HttpAddRequestHeadersW 771CEEDC 5 Bytes JMP 00E5000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1824] WS2_32.dll!connect 71AB406A 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1824] WS2_32.dll!send 71AB428A 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1824] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 100129A0
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1936] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A0000A
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1936] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00A1000A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[2008] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00CE000A
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[2008] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00CF000A
.text C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BF000A
.text C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C0000A
.text C:\WINDOWS\system32\taskmgr.exe[2180] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\taskmgr.exe[2180] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BB000A
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00DB000A
.text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00DC000A
.text C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BD000A
.text C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BE000A
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2472] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BC000A
.text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[2472] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BD000A
.text C:\Program Files\Apoint\Apoint.exe[2516] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C5000A
.text C:\Program Files\Apoint\Apoint.exe[2516] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C6000A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C0000A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00A4000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00A8000A
.text C:\Program Files\Apoint\Apntex.exe[2760] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BB000A
.text C:\Program Files\Apoint\Apntex.exe[2760] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BC000A
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BF000A
.text C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C0000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[3044] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BF000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[3044] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C0000A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00CB000A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00CC000A
.text C:\Program Files\Dell\QuickSet\quickset.exe[3132] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00CD000A
.text C:\Program Files\Dell\QuickSet\quickset.exe[3132] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00CE000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C3000A
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C4000A
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0102000A
.text C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 0103000A
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BC000A
.text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BD000A
.text C:\WINDOWS\system32\ctfmon.exe[3272] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\ctfmon.exe[3272] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BD000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BC000A
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BD000A
.text C:\WINDOWS\system32\rundll32.exe[3360] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\rundll32.exe[3360] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BD000A
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BD000A
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BE000A
.text C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00DC000A
.text C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00DD000A
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00D0000A
.text C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00D1000A
.text C:\Program Files\QuickTime\qttask.exe[3508] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C2000A
.text C:\Program Files\QuickTime\qttask.exe[3508] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C3000A
.text C:\Program Files\iTunes\iTunesHelper.exe[3540] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C0000A
.text C:\Program Files\iTunes\iTunesHelper.exe[3540] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C1000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00D9000A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\braviax.exe[3628] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\braviax.exe[3628] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BC000A
.text C:\Program Files\iPod\bin\iPodService.exe[3712] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 009C000A
.text C:\Program Files\iPod\bin\iPodService.exe[3712] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 009D000A
.text C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C7000A
.text C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C8000A
.text C:\Program Files\DellSupport\DSAgnt.exe[3804] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00C2000A
.text C:\Program Files\DellSupport\DSAgnt.exe[3804] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00C3000A
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0119000A
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 011A000A
.text C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BA000A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BB000A
.text C:\WINDOWS\system32\wuauclt.exe[4040] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00BC000A
.text C:\WINDOWS\system32\wuauclt.exe[4040] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00BD000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\svchost.exe[140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\svchost.exe[140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\system32\svchost.exe[140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\system32\svchost.exe[140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\system32\svchost.exe[140] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\svchost.exe[140] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[140] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[140] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\svchost.exe[140] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[140] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000851CB
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00085117
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000850B2
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[188] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00085080
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[188] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 000851CB
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[188] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00085736
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[188] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00085484
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00085736
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00085484
IAT C:\Program Files\MSN Messenger\msnmsgr.exe[188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00085736
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[192] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[268] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\WINDOWS\system32\svchost.exe[304] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\svchost.exe[304] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\system32\svchost.exe[304] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\system32\svchost.exe[304] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\system32\svchost.exe[304] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\svchost.exe[304] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[304] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[304] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\svchost.exe[304] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[304] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Avira\AntiVir Desktop\sched.exe[340] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\WINDOWS\system32\svchost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\svchost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\system32\svchost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\system32\svchost.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\system32\svchost.exe[444] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\svchost.exe[444] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\svchost.exe[444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[444] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe[712] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\WINDOWS\System32\PAStiSvc.exe[800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\WINDOWS\System32\PAStiSvc.exe[800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\WINDOWS\System32\PAStiSvc.exe[800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\WINDOWS\System32\PAStiSvc.exe[800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\WINDOWS\System32\PAStiSvc.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\WINDOWS\System32\PAStiSvc.exe[800] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\WINDOWS\System32\PAStiSvc.exe[800] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\WINDOWS\System32\PAStiSvc.exe[800] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\WINDOWS\System32\PAStiSvc.exe[800] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\WINDOWS\System32\PAStiSvc.exe[800] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Bonjour\mDNSResponder.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Bonjour\mDNSResponder.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Bonjour\mDNSResponder.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Bonjour\mDNSResponder.exe[892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Bonjour\mDNSResponder.exe[892] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Bonjour\mDNSResponder.exe[892] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Bonjour\mDNSResponder.exe[892] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Bonjour\mDNSResponder.exe[892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Bonjour\mDNSResponder.exe[892] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Bonjour\mDNSResponder.exe[892] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[944] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\svchost.exe[960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\svchost.exe[960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\system32\svchost.exe[960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\system32\svchost.exe[960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\system32\svchost.exe[960] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\svchost.exe[960] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[960] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\svchost.exe[960] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\svchost.exe[960] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135117
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001350B2
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135080
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CreateWindowExW] [00416AB4] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!ShowWindow] [00416B2E] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowPos] [00416BE0] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135736
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00135484
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00416A3A] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00416AB4] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00416BE0] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [00416B2E] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135736
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00135484
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00416A3A] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00416AB4] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [00416B2E] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135736
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001351CB
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!ShowWindow] [00416B2E] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExA] [00416A3A] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [00416BE0] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\userenv.dll [USER32.dll!SetWindowPos] [00416BE0] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe[964] @ C:\WINDOWS\system32\userenv.dll [USER32.dll!ShowWindow] [00416B2E] C:\DOCUME~1\ahansraj\LOCALS~1\Temp\b.exe
IAT C:\WINDOWS\system32\services.exe[1036] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00FD51CB
IAT C:\WINDOWS\system32\services.exe[1036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FD51CB
IAT C:\WINDOWS\system32\services.exe[1036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FD5117
IAT C:\WINDOWS\system32\services.exe[1036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FD50B2
IAT C:\WINDOWS\system32\services.exe[1036] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FD5080
IAT C:\WINDOWS\system32\services.exe[1036] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00FD5484
IAT C:\WINDOWS\system32\services.exe[1036] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00FD5736
IAT C:\WINDOWS\system32\services.exe[1036] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00FD5736
IAT C:\WINDOWS\system32\services.exe[1036] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00FD5484
IAT C:\WINDOWS\system32\services.exe[1036] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00FD5736
IAT C:\WINDOWS\system32\services.exe[1036] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00FD51CB
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00F551CB
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00F55117
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00F550B2
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00F55080
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00F55117
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00F551CB
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00F55117
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00F550B2
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00F55484
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00F55736
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00F55736
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00F55484
IAT C:\WINDOWS\system32\lsass.exe[1056] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00F55736
IAT C:\WINDOWS\system32\svchost.exe[1236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00F05080
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E451CB
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E45117
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E450B2
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E45080
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E45484
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E45736
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00E45736
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00E45484
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E45736
IAT C:\WINDOWS\system32\svchost.exe[1320] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E451CB
IAT C:\WINDOWS\System32\alg.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\System32\alg.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\System32\alg.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\System32\alg.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\System32\alg.exe[1376] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\System32\alg.exe[1376] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\System32\alg.exe[1376] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\System32\alg.exe[1376] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\System32\alg.exe[1376] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\System32\alg.exe[1376] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\spoolsv.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\spoolsv.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\system32\spoolsv.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\system32\spoolsv.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\system32\spoolsv.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\spoolsv.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\spoolsv.exe[1448] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\spoolsv.exe[1448] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\spoolsv.exe[1448] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\spoolsv.exe[1448] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00FA51CB
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00FA5117
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00FA50B2
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00FA5080
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00FA5484
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00FA5736
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00FA5736
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00FA5484
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00FA5736
IAT C:\WINDOWS\System32\svchost.exe[1472] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00FA51CB
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00BD51CB
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00BD5117
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00BD50B2
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00BD5080
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00BD5484
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00BD5736
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00BD5736
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00BD5484
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00BD5736
IAT C:\WINDOWS\system32\svchost.exe[1596] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00BD51CB
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1604] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1604] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1604] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1604] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1604] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Mozilla Firefox\firefox.exe[1604] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1704] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1704] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1704] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1704] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1704] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1704] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1704] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Digital Line Detect\DLG.exe[1760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Digital Line Detect\DLG.exe[1760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Digital Line Detect\DLG.exe[1760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Digital Line Detect\DLG.exe[1760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Digital Line Detect\DLG.exe[1760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Digital Line Detect\DLG.exe[1760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Digital Line Detect\DLG.exe[1760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Digital Line Detect\DLG.exe[1760] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Digital Line Detect\DLG.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Digital Line Detect\DLG.exe[1760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\WINDOWS\Explorer.EXE[1772] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 01475736
IAT C:\WINDOWS\Explorer.EXE[1772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 014751CB
IAT C:\WINDOWS\Explorer.EXE[1772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01475117
IAT C:\WINDOWS\Explorer.EXE[1772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 014750B2
IAT C:\WINDOWS\Explorer.EXE[1772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 01475080
IAT C:\WINDOWS\Explorer.EXE[1772] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 01475484
IAT C:\WINDOWS\Explorer.EXE[1772] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 01475736
IAT C:\WINDOWS\Explorer.EXE[1772] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 01475736
IAT C:\WINDOWS\Explorer.EXE[1772] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 01475736
IAT C:\WINDOWS\Explorer.EXE[1772] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 01475484
IAT C:\WINDOWS\Explorer.EXE[1772] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 014751CB
IAT C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[1784] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe[2044] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2264] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] @ C:\WINDOWS\system32\OLE32.DLL [USER32.dll!GetClipboardData] 00145484
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] @ C:\WINDOWS\system32\OLE32.DLL [USER32.dll!TranslateMessage] 00145736
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\DOCUME~1\ahansraj\LOCALS~1\Temp\login.exe[2348] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Apoint\Apoint.exe[2516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Apoint\Apoint.exe[2516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Apoint\Apoint.exe[2516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Apoint\Apoint.exe[2516] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Apoint\Apoint.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Apoint\Apoint.exe[2516] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Apoint\Apoint.exe[2516] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Apoint\Apoint.exe[2516] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Apoint\Apoint.exe[2516] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Apoint\Apoint.exe[2516] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[2736] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\wbem\wmiprvse.exe[2748] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\Program Files\Apoint\Apntex.exe[2760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Apoint\Apntex.exe[2760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Apoint\Apntex.exe[2760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Apoint\Apntex.exe[2760] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Apoint\Apntex.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Apoint\Apntex.exe[2760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Apoint\Apntex.exe[2760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Apoint\Apntex.exe[2760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Apoint\Apntex.exe[2760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Apoint\Apntex.exe[2760] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2984] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3044] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3044] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3044] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3112] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3132] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3132] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3132] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3132] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Dell\QuickSet\quickset.exe[3132] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3140] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe[3228] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\WINDOWS\System32\svchost.exe[3244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\System32\svchost.exe[3244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\System32\svchost.exe[3244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\System32\svchost.exe[3244] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\System32\svchost.exe[3244] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\System32\svchost.exe[3244] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\System32\svchost.exe[3244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\System32\svchost.exe[3244] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\System32\svchost.exe[3244] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\System32\svchost.exe[3244] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Dell\Media Experience\DMXLauncher.exe[3252] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\WINDOWS\system32\ctfmon.exe[3272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000851CB
IAT C:\WINDOWS\system32\ctfmon.exe[3272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00085117
IAT C:\WINDOWS\system32\ctfmon.exe[3272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000850B2
IAT C:\WINDOWS\system32\ctfmon.exe[3272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00085080
IAT C:\WINDOWS\system32\ctfmon.exe[3272] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00085484
IAT C:\WINDOWS\system32\ctfmon.exe[3272] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00085736
IAT C:\WINDOWS\system32\ctfmon.exe[3272] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00085736
IAT C:\WINDOWS\system32\ctfmon.exe[3272] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00085484
IAT C:\WINDOWS\system32\ctfmon.exe[3272] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00085736
IAT C:\WINDOWS\system32\ctfmon.exe[3272] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 000851CB
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[3352] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\WINDOWS\system32\rundll32.exe[3360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\WINDOWS\system32\rundll32.exe[3360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405117
IAT C:\WINDOWS\system32\rundll32.exe[3360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 004050B2
IAT C:\WINDOWS\system32\rundll32.exe[3360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405080
IAT C:\WINDOWS\system32\rundll32.exe[3360] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\rundll32.exe[3360] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\rundll32.exe[3360] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\rundll32.exe[3360] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00405484
IAT C:\WINDOWS\system32\rundll32.exe[3360] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405736
IAT C:\WINDOWS\system32\rundll32.exe[3360] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 004051CB
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3368] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE[3384] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe[3424] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\QuickTime\qttask.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\QuickTime\qttask.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\QuickTime\qttask.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\QuickTime\qttask.exe[3508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\QuickTime\qttask.exe[3508] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\QuickTime\qttask.exe[3508] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\QuickTime\qttask.exe[3508] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\QuickTime\qttask.exe[3508] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\QuickTime\qttask.exe[3508] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\QuickTime\qttask.exe[3508] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\iTunes\iTunesHelper.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\iTunes\iTunesHelper.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\iTunes\iTunesHelper.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\iTunes\iTunesHelper.exe[3540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\iTunes\iTunesHelper.exe[3540] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\iTunes\iTunesHelper.exe[3540] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\iTunes\iTunesHelper.exe[3540] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\iTunes\iTunesHelper.exe[3540] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\iTunes\iTunesHelper.exe[3540] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\iTunes\iTunesHelper.exe[3540] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3556] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\WINDOWS\system32\braviax.exe[3628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\WINDOWS\system32\braviax.exe[3628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\WINDOWS\system32\braviax.exe[3628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\WINDOWS\system32\braviax.exe[3628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\WINDOWS\system32\braviax.exe[3628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\WINDOWS\system32\braviax.exe[3628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\WINDOWS\system32\braviax.exe[3628] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\WINDOWS\system32\braviax.exe[3628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\WINDOWS\system32\braviax.exe[3628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\WINDOWS\system32\braviax.exe[3628] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\iPod\bin\iPodService.exe[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\iPod\bin\iPodService.exe[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\iPod\bin\iPodService.exe[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\iPod\bin\iPodService.exe[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\iPod\bin\iPodService.exe[3712] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\iPod\bin\iPodService.exe[3712] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\iPod\bin\iPodService.exe[3712] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\iPod\bin\iPodService.exe[3712] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\iPod\bin\iPodService.exe[3712] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\iPod\bin\iPodService.exe[3712] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Documents and Settings\ahansraj\My Documents\dloads\pzn1mdsu.exe[3768] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\DellSupport\DSAgnt.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\DellSupport\DSAgnt.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\DellSupport\DSAgnt.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\DellSupport\DSAgnt.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\DellSupport\DSAgnt.exe[3804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\DellSupport\DSAgnt.exe[3804] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\DellSupport\DSAgnt.exe[3804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\DellSupport\DSAgnt.exe[3804] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\DellSupport\DSAgnt.exe[3804] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\DellSupport\DSAgnt.exe[3804] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe[3976] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00145117
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 001450B2
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00145080
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00145484
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00145736
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3992] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 001451CB
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 000851CB
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00085117
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 000850B2
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00085080
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00085484
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00085736
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00085736
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00085736
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00085484
IAT C:\WINDOWS\system32\wuauclt.exe[4040] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 000851CB

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACkqqgwollhd.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1236] 0x00CC0000
Library \\?\globalroot\systemroot\system32\UACxqicdkpjed.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1236] 0x01700000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a86a57
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a86a57@0015de29b341 0xB2 0xC3 0x25 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060a86a57@001979d13b99 0x5A 0x1F 0x98 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACaoylyaxekt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACaoylyaxekt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACforsnrnpet.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACjldvviwtap.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACrgrqoyvppp.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACvymnmsucxb.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACxqicdkpjed.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxebfktpsbw.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACkqqgwollhd.dll
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060a86a57 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060a86a57@0015de29b341 0xB2 0xC3 0x25 0xF8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060a86a57@001979d13b99 0x5A 0x1F 0x98 0x30 ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACaoylyaxekt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACaoylyaxekt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACforsnrnpet.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACjldvviwtap.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACrgrqoyvppp.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACvymnmsucxb.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACxqicdkpjed.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACxebfktpsbw.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACkqqgwollhd.dll

---- EOF - GMER 1.0.15 ----

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:06:51 PM

Posted 11 August 2009 - 10:05 AM

We need to run combofix.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#6 golo

golo
  • Topic Starter


Posted 11 August 2009 - 04:19 PM

Hi Sam,

I downloaded ComboFix as you instructed, but after double-clicking on the icon and then on Run, nothing happened.

Please advise.

Thanks

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 12 August 2009 - 09:36 AM

We can work around that. Delete combofix.exe off your desktop.


Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.


#8 golo

golo
  • Topic Starter


Posted 12 August 2009 - 01:43 PM

Thanks Sam... ComboFix ran this time, and after a reboot the "x" in the task bar has vanished... however, the PC_antispyware icons are still there and I got a pop-up from it as well.






ComboFix 09-08-10.06 - ahansraj 12/08/2009 19:14.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.668 [GMT 1:00]
Running from: c:\documents and settings\ahansraj\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\-1395157542
c:\docume~1\ahansraj\LOCALS~1\Temp\csrss.exe
c:\docume~1\ahansraj\LOCALS~1\Temp\lsass.exe
c:\docume~1\ahansraj\LOCALS~1\Temp\services.exe
c:\docume~1\ahansraj\LOCALS~1\Temp\taskmgr.exe
c:\documents and settings\ahansraj\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk
c:\documents and settings\ahansraj\Local Settings\Temporary Internet Files\enuse.reg
c:\documents and settings\ahansraj\Local Settings\Temporary Internet Files\hebekol.pif
c:\documents and settings\ahansraj\Local Settings\Temporary Internet Files\livulej.db
c:\documents and settings\ahansraj\Local Settings\Temporary Internet Files\mizuzuze.lib
c:\documents and settings\ahansraj\Local Settings\Temporary Internet Files\pyxesiqeru.pif
c:\documents and settings\ahansraj\Local Settings\Temporary Internet Files\usuxytapiw.bin
c:\documents and settings\ahansraj\Local Settings\Temporary Internet Files\ynaly.pif
C:\LOG93.tmp
C:\p2hhr.bat
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\msa.exe
c:\windows\run.log
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\drivers\UACaoylyaxekt.sys
c:\windows\system32\hs7f3uhduhfukde.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
c:\windows\system32\msxml71.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\UACforsnrnpet.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjldvviwtap.dll
c:\windows\system32\UACkpyycbjouf.log
c:\windows\system32\UACkqqgwollhd.dll
c:\windows\system32\UACrgrqoyvppp.dat
c:\windows\system32\UACvymnmsucxb.db
c:\windows\system32\UACxebfktpsbw.dll
c:\windows\system32\UACxqicdkpjed.dll
c:\windows\system32\wisdstr.exe

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\beep.sys


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-11 12:08 . 2009-08-11 12:08 18948 ----a-w- c:\documents and settings\ahansraj\Local Settings\Application Data\haci.sys
2009-08-09 09:39 . 2009-08-09 09:39 17760 ----a-w- c:\documents and settings\ahansraj\Application Data\egeparemu.dll
2009-08-09 09:39 . 2009-08-09 09:39 17534 ----a-w- c:\program files\Common Files\emapewufe.dat
2009-08-09 09:39 . 2009-08-09 09:39 17420 ----a-w- c:\windows\cyhaso.dll
2009-08-09 09:39 . 2009-08-09 09:39 17418 ----a-w- c:\program files\Common Files\nenipiceb.vbs
2009-08-08 20:09 . 2009-08-09 00:03 91136 ----a-w- C:\hcel.exe
2009-08-08 18:13 . 2009-08-11 12:01 28160 ----a-w- c:\windows\system32\dllcache\beep.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 09:39 . 2009-08-09 09:39 15000 ----a-w- c:\documents and settings\ahansraj\Application Data\ubadew.com
2009-08-09 09:39 . 2009-08-09 09:39 15000 ----a-w- c:\documents and settings\ahansraj\Application Data\ubadew.com
2009-08-09 09:39 . 2009-08-09 09:39 14348 ----a-w- c:\windows\system32\hyjyvelazi.bat
2009-08-09 09:39 . 2009-08-09 09:39 13402 ----a-w- c:\windows\kiri.com
2009-08-09 09:39 . 2009-08-09 09:39 13341 ----a-w- c:\documents and settings\ahansraj\Local Settings\Application Data\zorevypape.sys
2009-08-09 09:39 . 2009-08-09 09:39 12774 ----a-w- c:\program files\Common Files\fybofypu.com
2009-08-09 09:39 . 2009-08-09 09:39 11608 ----a-w- c:\windows\system32\joqogyziz.exe
2009-08-09 09:39 . 2009-08-09 09:39 11478 ----a-w- c:\windows\udikosenu.pif
2009-08-09 09:39 . 2009-08-09 09:39 11019 ----a-w- c:\windows\boceke.pif
2009-08-09 09:39 . 2009-08-09 09:39 10007 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\rehubukika.sys
2009-08-09 09:39 . 2009-08-08 20:23 -------- d-----w- c:\program files\PC_Antispyware2010
2009-08-08 21:15 . 2009-08-08 21:15 19712 ----a-w- c:\documents and settings\ahansraj\Local Settings\Application Data\xaqupuw.exe
2009-08-08 21:15 . 2009-08-08 21:15 18653 ----a-w- c:\program files\Common Files\xikocadose.exe
2009-08-08 21:15 . 2009-08-08 21:15 16054 ----a-w- c:\program files\Common Files\apuwereve.lib
2009-08-08 21:15 . 2009-08-08 21:15 15195 ----a-w- c:\windows\gofe.bin
2009-08-08 21:15 . 2009-08-08 21:15 14623 ----a-w- c:\documents and settings\ahansraj\Local Settings\Application Data\efekow.bin
2009-08-08 21:15 . 2009-08-08 21:15 10805 ----a-w- c:\documents and settings\ahansraj\Application Data\gofi.bin
2009-08-08 17:42 . 2009-08-06 18:48 1234797 ----a-w- c:\windows\system32\xa.tmp
2009-08-08 15:57 . 2008-12-09 16:18 -------- d-----w- c:\documents and settings\ahansraj\Application Data\EndNote
2009-08-05 17:10 . 2009-03-25 01:07 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-26 16:18 . 2004-08-10 11:51 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-10 11:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-23 00:54 . 2009-06-23 00:54 -------- d-----w- c:\program files\A-Z
2009-06-16 14:55 . 2004-08-10 11:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-10 11:51 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2004-08-10 11:51 1290752 ----a-w- c:\windows\system32\quartz.dll
2006-05-06 16:42 . 2006-06-01 21:36 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-09 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-03-26 3558648]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 147456]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"PC Antispyware 2010"="c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe" [2009-08-08 581516]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2005-9-29 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-29 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16105:TCP"= 16105:TCP:BitComet 16105 TCP
"16105:UDP"= 16105:UDP:BitComet 16105 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [18/03/2009 02:44 57320]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [18/03/2009 02:44 238952]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [30/05/2009 22:26 648424]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 PAC207;CamMaestro 3.01 DU PC Camera;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: Windowsupdate.com\Download
FF - ProfilePath - c:\docume~1\ahansraj\APPLIC~1\Mozilla\Firefox\Profiles\4vvl8h6s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=1pgsay1bayy1s&shva=1#inbox|http://www.facebook.com/login.php|http://katz.cd/
FF - plugin: c:\documents and settings\ahansraj\Application Data\Mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmirage.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 19:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-760722993-256700806-2550827304-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b7,14,64,1f,e1,00,00,e7,40,44,c0,c7,09,73,8a,e1,7d,63,d8,c6,94,76,b4,
c1,23,d2,10,71,72,ff,b4,fa,88,db,7a,64,a7,57,0c,01,9a,d2,f2,09,db,7b,fe,40,\
"??"=hex:cf,36,e1,f1,7c,db,2f,8e,4a,b7,01,25,a0,ab,85,bc
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3432)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\ArcSoft\WebCam Companion\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\PAStiSvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\Apoint\ApntEx.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-12 19:33 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-12 18:33
ComboFix2.txt 2009-03-27 18:27
ComboFix3.txt 2009-03-25 00:31

Pre-Run: 7,111,331,840 bytes free
Post-Run: 7,574,347,776 bytes free

270 --- E O F --- 2009-08-11 11:23

#9 Buckeye_Sam

    Malware Expert


Posted 12 August 2009 - 04:36 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

File::
c:\documents and settings\ahansraj\Application Data\ubadew.com
c:\documents and settings\ahansraj\Application Data\ubadew.com
c:\windows\system32\hyjyvelazi.bat
c:\windows\kiri.com
c:\documents and settings\ahansraj\Local Settings\Application Data\zorevypape.sys
c:\program files\Common Files\fybofypu.com
c:\windows\system32\joqogyziz.exe
c:\windows\udikosenu.pif
c:\windows\boceke.pif
c:\docume~1\ALLUSE~1\APPLIC~1\rehubukika.sys
c:\documents and settings\ahansraj\Local Settings\Application Data\xaqupuw.exe
c:\program files\Common Files\xikocadose.exe
c:\program files\Common Files\apuwereve.lib
c:\windows\gofe.bin
c:\documents and settings\ahansraj\Local Settings\Application Data\efekow.bin
c:\documents and settings\ahansraj\Application Data\gofi.bin
c:\windows\system32\xa.tmp
c:\documents and settings\ahansraj\Local Settings\Application Data\haci.sys
c:\documents and settings\ahansraj\Application Data\egeparemu.dll
c:\program files\Common Files\emapewufe.dat
c:\windows\cyhaso.dll
c:\program files\Common Files\nenipiceb.vbs
C:\hcel.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Antispyware 2010"=-

Folder::
c:\program files\PC_Antispyware2010

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


====================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

#10 golo

Posted 13 August 2009 - 04:23 PM

hi Sam...did as you instructed in your previous message and things on the computer seem to have
returned to normal...below are the logs you requested:



ComboFix 09-08-10.06 - ahansraj 12/08/2009 23:16.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.499 [GMT 1:00]
Running from: c:\documents and settings\ahansraj\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\ahansraj\Desktop\CFScript.txt

FILE ::
"c:\docume~1\ALLUSE~1\APPLIC~1\rehubukika.sys"
"c:\documents and settings\ahansraj\Application Data\egeparemu.dll"
"c:\documents and settings\ahansraj\Application Data\gofi.bin"
"c:\documents and settings\ahansraj\Application Data\ubadew.com"
"c:\documents and settings\ahansraj\Local Settings\Application Data\efekow.bin"
"c:\documents and settings\ahansraj\Local Settings\Application Data\haci.sys"
"c:\documents and settings\ahansraj\Local Settings\Application Data\xaqupuw.exe"
"c:\documents and settings\ahansraj\Local Settings\Application Data\zorevypape.sys"
"C:\hcel.exe"
"c:\program files\Common Files\apuwereve.lib"
"c:\program files\Common Files\emapewufe.dat"
"c:\program files\Common Files\fybofypu.com"
"c:\program files\Common Files\nenipiceb.vbs"
"c:\program files\Common Files\xikocadose.exe"
"c:\windows\boceke.pif"
"c:\windows\cyhaso.dll"
"c:\windows\gofe.bin"
"c:\windows\kiri.com"
"c:\windows\system32\hyjyvelazi.bat"
"c:\windows\system32\joqogyziz.exe"
"c:\windows\system32\xa.tmp"
"c:\windows\udikosenu.pif"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\ALLUSE~1\APPLIC~1\rehubukika.sys
c:\documents and settings\ahansraj\Application Data\egeparemu.dll
c:\documents and settings\ahansraj\Application Data\gofi.bin
c:\documents and settings\ahansraj\Application Data\ubadew.com
c:\documents and settings\ahansraj\Local Settings\Application Data\efekow.bin
c:\documents and settings\ahansraj\Local Settings\Application Data\haci.sys
c:\documents and settings\ahansraj\Local Settings\Application Data\xaqupuw.exe
c:\documents and settings\ahansraj\Local Settings\Application Data\zorevypape.sys
C:\hcel.exe
c:\program files\Common Files\apuwereve.lib
c:\program files\Common Files\emapewufe.dat
c:\program files\Common Files\fybofypu.com
c:\program files\Common Files\nenipiceb.vbs
c:\program files\Common Files\xikocadose.exe
c:\program files\PC_Antispyware2010
c:\program files\PC_Antispyware2010\AVEngn.dll
c:\program files\PC_Antispyware2010\data\daily.cvd
c:\program files\PC_Antispyware2010\htmlayout.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\PC_Antispyware2010\PC_Antispyware2010.cfg
c:\program files\PC_Antispyware2010\pthreadVC2.dll
c:\program files\PC_Antispyware2010\Uninstall.exe
c:\program files\PC_Antispyware2010\wscui.cpl
c:\windows\boceke.pif
c:\windows\cyhaso.dll
c:\windows\gofe.bin
c:\windows\kiri.com
c:\windows\system32\hyjyvelazi.bat
c:\windows\system32\joqogyziz.exe
c:\windows\system32\xa.tmp
c:\windows\udikosenu.pif


.
((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.

2009-08-08 18:13 . 2009-08-11 12:01 28160 ----a-w- c:\windows\system32\dllcache\beep.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 15:57 . 2008-12-09 16:18 -------- d-----w- c:\documents and settings\ahansraj\Application Data\EndNote
2009-08-05 17:10 . 2009-03-25 01:07 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-26 16:18 . 2004-08-10 11:51 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-10 11:51 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-23 00:54 . 2009-06-23 00:54 -------- d-----w- c:\program files\A-Z
2009-06-16 14:55 . 2004-08-10 11:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-10 11:51 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:27 . 2004-08-10 11:51 1290752 ----a-w- c:\windows\system32\quartz.dll
2006-05-06 16:42 . 2006-06-01 21:36 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-12_18.25.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-12 19:42 . 2009-08-12 19:42 16384 c:\windows\Temp\Perflib_Perfdata_3ec.dat
+ 2009-08-12 19:42 . 2009-08-12 19:42 16384 c:\windows\Temp\Perflib_Perfdata_2b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-09 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-03-26 3558648]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 344064]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-02-16 147456]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2005-9-29 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-9-29 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 15:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\Apoint\\Apoint.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16105:TCP"= 16105:TCP:BitComet 16105 TCP
"16105:UDP"= 16105:UDP:BitComet 16105 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [18/03/2009 02:44 57320]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [18/03/2009 02:44 238952]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [30/05/2009 22:26 648424]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 PAC207;CamMaestro 3.01 DU PC Camera;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: Windowsupdate.com\Download
FF - ProfilePath - c:\docume~1\ahansraj\APPLIC~1\Mozilla\Firefox\Profiles\4vvl8h6s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=1pgsay1bayy1s&shva=1#inbox|http://www.facebook.com/login.php|http://katz.cd/
FF - plugin: c:\documents and settings\ahansraj\Application Data\Mozilla\Firefox\Profiles\4vvl8h6s.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmirage.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 23:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [34452]
? [34552]
scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-760722993-256700806-2550827304-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b7,14,64,1f,e1,00,00,e7,40,44,c0,c7,09,73,8a,e1,7d,63,d8,c6,94,76,b4,
c1,23,d2,10,71,72,ff,b4,fa,88,db,7a,64,a7,57,0c,01,9a,d2,f2,09,db,7b,fe,40,\
"??"=hex:cf,36,e1,f1,7c,db,2f,8e,4a,b7,01,25,a0,ab,85,bc
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(980)
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-08-12 23:27
ComboFix-quarantined-files.txt 2009-08-12 22:26
ComboFix2.txt 2009-08-12 18:33
ComboFix3.txt 2009-03-27 18:27
ComboFix4.txt 2009-03-25 00:31

Pre-Run: 6,465,617,920 bytes free
Post-Run: 6,425,169,920 bytes free

219 --- E O F --- 2009-08-11 11:23







Malwarebytes' Anti-Malware 1.40
Database version: 2614
Windows 5.1.2600 Service Pack 2

12/08/2009 23:54:29
mbam-log-2009-08-12 (23-54-29).txt

Scan type: Quick Scan
Objects scanned: 93369
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\fias4051 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010 (Rogue.PC_Antispyware2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreaxs (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\ahansraj\Application Data\nidle (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\Documents and Settings\ahansraj\Cookies\dulufuma.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\ahansraj\Cookies\vutuder.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

#11 Buckeye_Sam

Posted 14 August 2009 - 03:12 PM

Looking good! Just a few more steps and you should be good to go! :)


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

====================


Run an online scan at Secunia Online Software Inspector
  • Click on the red button at the bottom of the screen that says Start Scanner.
  • Follow the prompts to install the scanning software.
  • Do not check the box for Enable thorough system inspection
  • Click the Start button.
  • The program will scan your system and identify insecure versions of software and missing security updates.
  • Using the links provided in the scan, download and install any current and secure versions that are needed.



====================



We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Buckeye_Sam

Posted 05 September 2009 - 10:17 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.