
Google results redirecting, Directrdr.com popups & no safemode


  • This topic is locked
4 replies to this topic

#1 bobast

  • Members
  • 2 posts

Posted 29 November 2009 - 08:42 AM

Hello all, first can I say thank you for any help in advance and apologies if this is posted in the wrong section.

The problems I am having are the same as the title of this topic says. When I search Google, most of the time when I click on the search result that I require, a completely unrelated web site will load instead. I have to click back to Google and click my desired search result again. This happens several times before my browser goes to the site I actually want it to.

Also, I'm not sure if this is connected to the above issue or not, but at random times my browser will open a new tab and start taking me to a web site that contains directrdr.com in its address.


DDS (Ver_09-11-29.01) - NTFSx86
Run by Stephen at 13:19:35.31 on 29/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.414 [GMT 0:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stephen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.5.2.11\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\stephen\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.3.2.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: ccc-core-static - msiexec /fums {35BDA760-4905-19AA-54A0-C118ABB5BF0C} /qb
Hosts: 93.174.93.98 img.12chan.crabdance.com
============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys [2009-9-9 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys [2009-9-9 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys [2009-9-9 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20091111.001\IDSXpx86.sys [2009-11-12 329592]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-10-6 266240]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.5.2.11\ccSvcHst.exe [2009-9-9 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-28 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091128.020\NAVENG.SYS [2009-11-29 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20091128.020\NAVEX15.SYS [2009-11-29 1323568]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-15 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-15 8320]

=============== Created Last 30 ================

2009-11-29 13:02:33 0 d-----w- c:\program files\WBFS
2009-11-28 19:53:08 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-28 19:53:01 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-28 19:53:01 0 d-----w- c:\docume~1\stephen\applic~1\SUPERAntiSpyware.com
2009-11-28 19:52:42 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-28 19:48:18 0 d-----w- c:\docume~1\stephen\applic~1\Malwarebytes
2009-11-28 19:48:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-28 18:04:35 0 d-----w- c:\program files\ewido anti-malware
2009-11-28 18:00:20 0 d-----w- c:\program files\Trend Micro
2009-11-28 10:08:10 0 d-----w- c:\docume~1\stephen\applic~1\Scholastic
2009-11-28 07:27:05 0 d-----w- c:\docume~1\stephen\applic~1\Artogon
2009-11-27 21:28:05 0 d-----w- c:\docume~1\stephen\applic~1\TrojanHunter
2009-11-27 20:45:58 0 d-----w- c:\program files\TrojanHunter 5.2
2009-11-27 18:57:43 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-27 16:50:56 1128 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-27 16:45:06 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2009-11-27 16:44:13 0 d-----w- c:\program files\common files\iS3
2009-11-27 16:44:13 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-11-27 16:33:02 0 d-----w- c:\program files\common files\PC Tools
2009-11-27 12:32:56 0 d-----w- c:\docume~1\stephen\applic~1\Big Fish Games
2009-11-26 10:25:53 0 d-----w- c:\program files\Reincarnations - Awakening
2009-11-26 10:11:28 0 d-----w- c:\program files\Princess Isabella - A Witch's Curse
2009-11-26 10:09:52 0 d-----w- c:\program files\Hidden Expedition - Amazon
2009-11-26 10:07:48 0 d-----w- c:\program files\Midnight Mysteries - The Edgar Allan Poe Conspiracy
2009-11-26 09:47:04 0 d-----w- c:\program files\Mystery Case Files - Ravenhearst
2009-11-26 09:43:13 0 d-----w- c:\program files\Big City Adventure - Sydney Australia
2009-11-26 09:42:36 0 d-----w- c:\program files\Ghost Town Mysteries - Bodie
2009-11-25 18:07:59 0 d-----w- c:\windows\system32\appmgmt
2009-11-23 09:24:58 0 d-----w- c:\docume~1\stephen\applic~1\Lazy Turtle Games
2009-11-22 14:04:17 0 d-----w- c:\docume~1\stephen\applic~1\blg
2009-11-22 14:04:17 0 d-----w- c:\docume~1\alluse~1\applic~1\blg
2009-11-21 13:47:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Alawar Stargaze
2009-11-20 09:57:53 0 d-----w- c:\docume~1\stephen\applic~1\MysteryStudio
2009-11-20 09:54:17 0 d-----w- c:\program files\Escape the Museum 2
2009-11-13 11:24:33 0 d-----w- c:\docume~1\stephen\applic~1\Enki Games
2009-11-09 12:14:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Gogii
2009-11-06 17:44:31 38 ----a-w- c:\windows\AviSplitter.INI
2009-11-06 13:04:56 0 d-----w- c:\docume~1\alluse~1\applic~1\JollyBear
2009-11-06 11:27:49 0 d-----w- c:\docume~1\stephen\applic~1\Awem
2009-11-06 09:15:40 0 d-----w- c:\docume~1\stephen\applic~1\Ph03nixNewMedia
2009-11-05 16:46:32 0 d-----w- c:\docume~1\stephen\applic~1\Dekovir
2009-11-05 10:20:19 0 d-----w- c:\docume~1\stephen\applic~1\ERS G-Studio
2009-11-05 10:12:45 0 d-----w- c:\program files\PuppetShow - Mystery of Joyville
2009-11-03 05:54:55 0 d-----w- c:\documents and settings\stephen\Saved Games
2009-11-03 05:54:55 0 d-----w- c:\docume~1\stephen\applic~1\Flood Light Games
2009-11-03 05:54:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Flood Light Games
2009-11-02 16:50:34 0 d-----w- c:\docume~1\stephen\applic~1\Playrix Entertainment
2009-11-02 16:34:56 0 d-----w- c:\program files\bfgclient
2009-11-02 16:34:08 0 d-----w- c:\docume~1\alluse~1\applic~1\BigFishGamesCache
2009-10-31 21:17:42 32377 ----a-w- c:\windows\system32\drivers\prodigy.sys
2009-10-31 21:17:32 0 d-----w- c:\program files\NSS
2009-10-30 16:24:45 0 d-----w- c:\program files\iPod
2009-10-30 16:24:39 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2009-11-27 18:15:01 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-15 05:50:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-15 05:47:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-10-15 05:47:42 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-10-15 04:51:05 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-15 04:51:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-10-06 06:52:35 266240 ----a-w- c:\windows\system32\CSHelper.exe
2009-10-06 06:52:35 225280 ----a-w- c:\windows\system32\CSInstru.DLL
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 18:06:35 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-09 18:06:04 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-07-12 02:08:43 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009071120090712\index.dat

============= FINISH: 13:20:55.39 ===============


#2 Blade81

  • Malware Response Team
  • 6,465 posts

Posted 07 December 2009 - 03:18 PM

Hi,

Sorry for the delayed response. The forums have been really busy. If you still need help with this, please do the following.


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
Download GMER here by clicking the download exe button and then saving it to your desktop:
  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy.
  • This copies the log to the clipboard.
  • Post the log in your reply.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 bobast

  • Topic Starter

  • Members
  • 2 posts

Posted 07 December 2009 - 04:24 PM

Hi there, no worries and thanks for the response! Logs are below:


GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-07 21:22:30
Windows 5.1.2600 Service Pack 3
Running: 9idermmo.exe; Driver: C:\DOCUME~1\Stephen\LOCALS~1\Temp\kgliquow.sys


---- System - GMER 1.0.15 ----

SSDT 83D5B930 ZwAlertResumeThread
SSDT 83D867F8 ZwAlertThread
SSDT 83DA2650 ZwAllocateVirtualMemory
SSDT 831B94D0 ZwAssignProcessToJobObject
SSDT 864D1F08 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xEE718130]
SSDT 83D59688 ZwCreateMutant
SSDT 831B92F0 ZwCreateSymbolicLinkObject
SSDT 83D63058 ZwCreateThread
SSDT 831B95B0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xEE7183B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xEE718910]
SSDT 83DA27A0 ZwDuplicateObject
SSDT 83C72238 ZwFreeVirtualMemory
SSDT 83D59778 ZwImpersonateAnonymousToken
SSDT 83D5B870 ZwImpersonateThread
SSDT 864D3CF8 ZwLoadDriver
SSDT 83DBE830 ZwMapViewOfSection
SSDT 831B9978 ZwOpenEvent
SSDT 83D7F668 ZwOpenProcess
SSDT 83DA2720 ZwOpenProcessToken
SSDT 831B97D8 ZwOpenSection
SSDT 83D62718 ZwOpenThread
SSDT 831B93E0 ZwProtectVirtualMemory
SSDT 83DAD248 ZwResumeThread
SSDT 83233290 ZwSetContextThread
SSDT 83233350 ZwSetInformationProcess
SSDT 831B9690 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xEE718B60]
SSDT 831B98B8 ZwSuspendProcess
SSDT 83D868B8 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE4530B0]
SSDT 83D86978 ZwTerminateThread
SSDT 83D69290 ZwUnmapViewOfSection
SSDT 83C72308 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D74 80504610 4 Bytes CALL E152C9F0
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ntdll.dll!RtlValidateUnicodeString + 554 7C9163BE 10 Bytes JMP 0459003A
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ole32.dll!OleInitialize + E37 77500521 7 Bytes JMP 045900F3
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ole32.dll!CoImpersonateClient + 51 775156C0 7 Bytes JMP 045901A9
.text C:\Program Files\Internet Explorer\iexplore.exe[4068] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[228] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 00F358A9
IAT C:\WINDOWS\Explorer.EXE[228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00F3533A
IAT C:\WINDOWS\Explorer.EXE[228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00F35286
IAT C:\WINDOWS\Explorer.EXE[228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00F35221
IAT C:\WINDOWS\Explorer.EXE[228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00F351EF
IAT C:\WINDOWS\Explorer.EXE[228] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00F355FF
IAT C:\WINDOWS\Explorer.EXE[228] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00F358A9
IAT C:\WINDOWS\Explorer.EXE[228] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00F358A9
IAT C:\WINDOWS\Explorer.EXE[228] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00F358A9
IAT C:\WINDOWS\Explorer.EXE[228] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00F355FF
IAT C:\WINDOWS\Explorer.EXE[228] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00F3533A
IAT C:\WINDOWS\system32\CSHelper.exe[304] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\WINDOWS\system32\CSHelper.exe[304] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\WINDOWS\system32\CSHelper.exe[304] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\WINDOWS\system32\CSHelper.exe[304] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\WINDOWS\system32\CSHelper.exe[304] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\WINDOWS\system32\CSHelper.exe[304] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\WINDOWS\system32\CSHelper.exe[304] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\WINDOWS\system32\CSHelper.exe[304] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\WINDOWS\system32\CSHelper.exe[304] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\WINDOWS\system32\CSHelper.exe[304] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[492] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[620] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[620] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\LightScribe\LSSrvc.exe[620] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\WINDOWS\system32\spoolsv.exe[684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0040533A
IAT C:\WINDOWS\system32\spoolsv.exe[684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405286
IAT C:\WINDOWS\system32\spoolsv.exe[684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405221
IAT C:\WINDOWS\system32\spoolsv.exe[684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051EF
IAT C:\WINDOWS\system32\spoolsv.exe[684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055FF
IAT C:\WINDOWS\system32\spoolsv.exe[684] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\system32\spoolsv.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\system32\spoolsv.exe[684] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055FF
IAT C:\WINDOWS\system32\spoolsv.exe[684] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\system32\spoolsv.exe[684] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0040533A
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0007533A
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00075286
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00075221
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 000751EF
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[696] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000755FF
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[696] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 000758A9
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[696] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 000758A9
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[696] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 000758A9
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[696] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 000755FF
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[696] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0007533A
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[700] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[700] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[700] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[700] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[700] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[700] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\WINDOWS\system32\ctfmon.exe[716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0008533A
IAT C:\WINDOWS\system32\ctfmon.exe[716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00085286
IAT C:\WINDOWS\system32\ctfmon.exe[716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00085221
IAT C:\WINDOWS\system32\ctfmon.exe[716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 000851EF
IAT C:\WINDOWS\system32\ctfmon.exe[716] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000855FF
IAT C:\WINDOWS\system32\ctfmon.exe[716] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 000858A9
IAT C:\WINDOWS\system32\ctfmon.exe[716] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 000858A9
IAT C:\WINDOWS\system32\ctfmon.exe[716] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 000855FF
IAT C:\WINDOWS\system32\ctfmon.exe[716] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 000858A9
IAT C:\WINDOWS\system32\ctfmon.exe[716] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0008533A
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0003533A
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00035286
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00035221
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[736] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 000351EF
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[736] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 000358A9
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[736] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 000355FF
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[736] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 000358A9
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[736] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000355FF
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[736] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 000358A9
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[736] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0003533A
IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 0116533A
IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0116533A
IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01165286
IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 01165221
IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 011651EF
IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 011658A9
IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 011655FF
IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 011658A9
IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0116533A
IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 011658A9
IAT C:\WINDOWS\system32\services.exe[1028] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 011655FF
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00D2533A
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D25286
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00D25221
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D251EF
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00D25286
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00D2533A
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00D25286
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00D25221
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00D255FF
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00D258A9
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00D258A9
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00D255FF
IAT C:\WINDOWS\system32\lsass.exe[1040] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00D258A9
IAT C:\WINDOWS\system32\Ati2evxx.exe[1204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 013B533A
IAT C:\WINDOWS\system32\Ati2evxx.exe[1204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 013B5286
IAT C:\WINDOWS\system32\Ati2evxx.exe[1204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 013B5221
IAT C:\WINDOWS\system32\Ati2evxx.exe[1204] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 013B51EF
IAT C:\WINDOWS\system32\Ati2evxx.exe[1204] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 013B55FF
IAT C:\WINDOWS\system32\Ati2evxx.exe[1204] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 013B58A9
IAT C:\WINDOWS\system32\Ati2evxx.exe[1204] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 013B58A9
IAT C:\WINDOWS\system32\Ati2evxx.exe[1204] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 013B58A9
IAT C:\WINDOWS\system32\Ati2evxx.exe[1204] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 013B55FF
IAT C:\WINDOWS\system32\Ati2evxx.exe[1204] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 013B533A
IAT C:\Program Files\MagicDisc\MagicDisc.exe[1288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\MagicDisc\MagicDisc.exe[1288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\MagicDisc\MagicDisc.exe[1288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\MagicDisc\MagicDisc.exe[1288] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\MagicDisc\MagicDisc.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\MagicDisc\MagicDisc.exe[1288] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\MagicDisc\MagicDisc.exe[1288] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\MagicDisc\MagicDisc.exe[1288] @ C:\WINDOWS\system32\OLE32.DLL [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\MagicDisc\MagicDisc.exe[1288] @ C:\WINDOWS\system32\OLE32.DLL [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\MagicDisc\MagicDisc.exe[1288] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\WINDOWS\system32\svchost.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B051EF
IAT C:\WINDOWS\system32\svchost.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E1533A
IAT C:\WINDOWS\system32\svchost.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E15286
IAT C:\WINDOWS\system32\svchost.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E15221
IAT C:\WINDOWS\system32\svchost.exe[1404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E151EF
IAT C:\WINDOWS\system32\svchost.exe[1404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E155FF
IAT C:\WINDOWS\system32\svchost.exe[1404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E158A9
IAT C:\WINDOWS\system32\svchost.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00E158A9
IAT C:\WINDOWS\system32\svchost.exe[1404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00E155FF
IAT C:\WINDOWS\system32\svchost.exe[1404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E158A9
IAT C:\WINDOWS\system32\svchost.exe[1404] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E1533A
IAT C:\WINDOWS\System32\svchost.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00D5533A
IAT C:\WINDOWS\System32\svchost.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00D55286
IAT C:\WINDOWS\System32\svchost.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00D55221
IAT C:\WINDOWS\System32\svchost.exe[1448] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00D551EF
IAT C:\WINDOWS\System32\svchost.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00D555FF
IAT C:\WINDOWS\System32\svchost.exe[1448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00D558A9
IAT C:\WINDOWS\System32\svchost.exe[1448] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00D558A9
IAT C:\WINDOWS\System32\svchost.exe[1448] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00D555FF
IAT C:\WINDOWS\System32\svchost.exe[1448] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00D558A9
IAT C:\WINDOWS\System32\svchost.exe[1448] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00D5533A
IAT C:\WINDOWS\system32\svchost.exe[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0065533A
IAT C:\WINDOWS\system32\svchost.exe[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00655286
IAT C:\WINDOWS\system32\svchost.exe[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00655221
IAT C:\WINDOWS\system32\svchost.exe[1496] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 006551EF
IAT C:\WINDOWS\system32\svchost.exe[1496] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 006555FF
IAT C:\WINDOWS\system32\svchost.exe[1496] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 006558A9
IAT C:\WINDOWS\system32\svchost.exe[1496] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 006558A9
IAT C:\WINDOWS\system32\svchost.exe[1496] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 006555FF
IAT C:\WINDOWS\system32\svchost.exe[1496] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 006558A9
IAT C:\WINDOWS\system32\svchost.exe[1496] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0065533A
IAT C:\WINDOWS\system32\svchost.exe[1632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0040533A
IAT C:\WINDOWS\system32\svchost.exe[1632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405286
IAT C:\WINDOWS\system32\svchost.exe[1632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405221
IAT C:\WINDOWS\system32\svchost.exe[1632] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051EF
IAT C:\WINDOWS\system32\svchost.exe[1632] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055FF
IAT C:\WINDOWS\system32\svchost.exe[1632] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\system32\svchost.exe[1632] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\system32\svchost.exe[1632] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055FF
IAT C:\WINDOWS\system32\svchost.exe[1632] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\system32\svchost.exe[1632] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0040533A
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1768] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1768] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1768] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1768] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1768] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1768] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1768] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1828] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1828] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1828] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1828] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1828] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Bonjour\mDNSResponder.exe[1828] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\WINDOWS\RTHDCPL.EXE[1860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\WINDOWS\RTHDCPL.EXE[1860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\WINDOWS\RTHDCPL.EXE[1860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\WINDOWS\RTHDCPL.EXE[1860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\WINDOWS\RTHDCPL.EXE[1860] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\WINDOWS\RTHDCPL.EXE[1860] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\WINDOWS\RTHDCPL.EXE[1860] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\WINDOWS\RTHDCPL.EXE[1860] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\WINDOWS\RTHDCPL.EXE[1860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\WINDOWS\RTHDCPL.EXE[1860] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1896] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1896] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1896] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1896] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1896] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1896] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\iTunes\iTunesHelper.exe[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\iTunes\iTunesHelper.exe[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\iTunes\iTunesHelper.exe[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\iTunes\iTunesHelper.exe[2012] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\iTunes\iTunesHelper.exe[2012] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\iTunes\iTunesHelper.exe[2012] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\iTunes\iTunesHelper.exe[2012] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\iTunes\iTunesHelper.exe[2012] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\iTunes\iTunesHelper.exe[2012] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\iTunes\iTunesHelper.exe[2012] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\WINDOWS\system32\svchost.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0040533A
IAT C:\WINDOWS\system32\svchost.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405286
IAT C:\WINDOWS\system32\svchost.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405221
IAT C:\WINDOWS\system32\svchost.exe[2120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051EF
IAT C:\WINDOWS\system32\svchost.exe[2120] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055FF
IAT C:\WINDOWS\system32\svchost.exe[2120] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\system32\svchost.exe[2120] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\system32\svchost.exe[2120] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055FF
IAT C:\WINDOWS\system32\svchost.exe[2120] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\system32\svchost.exe[2120] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0040533A
IAT C:\Program Files\iPod\bin\iPodService.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\iPod\bin\iPodService.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\iPod\bin\iPodService.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\iPod\bin\iPodService.exe[2580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\iPod\bin\iPodService.exe[2580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\iPod\bin\iPodService.exe[2580] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\iPod\bin\iPodService.exe[2580] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\iPod\bin\iPodService.exe[2580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\iPod\bin\iPodService.exe[2580] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\iPod\bin\iPodService.exe[2580] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Documents and Settings\Stephen\Desktop\9idermmo.exe[2620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Documents and Settings\Stephen\Desktop\9idermmo.exe[2620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Documents and Settings\Stephen\Desktop\9idermmo.exe[2620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Documents and Settings\Stephen\Desktop\9idermmo.exe[2620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Documents and Settings\Stephen\Desktop\9idermmo.exe[2620] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Documents and Settings\Stephen\Desktop\9idermmo.exe[2620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Documents and Settings\Stephen\Desktop\9idermmo.exe[2620] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Documents and Settings\Stephen\Desktop\9idermmo.exe[2620] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Documents and Settings\Stephen\Desktop\9idermmo.exe[2620] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Documents and Settings\Stephen\Desktop\9idermmo.exe[2620] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[3128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0007533A
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[3128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00075286
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[3128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00075221
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[3128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 000751EF
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[3128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 000755FF
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[3128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 000758A9
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[3128] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 000758A9
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[3128] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 000758A9
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[3128] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 000755FF
IAT C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe[3128] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0007533A
IAT C:\Program Files\Internet Explorer\iexplore.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Internet Explorer\iexplore.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\Internet Explorer\iexplore.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\Internet Explorer\iexplore.exe[3148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\Internet Explorer\iexplore.exe[3148] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Internet Explorer\iexplore.exe[3148] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Internet Explorer\iexplore.exe[3148] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Internet Explorer\iexplore.exe[3148] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Internet Explorer\iexplore.exe[3148] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Internet Explorer\iexplore.exe[3148] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0040533A
IAT C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405286
IAT C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405221
IAT C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051EF
IAT C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055FF
IAT C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0040533A
IAT C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055FF
IAT C:\WINDOWS\System32\alg.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\System32\svchost.exe[3664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0040533A
IAT C:\WINDOWS\System32\svchost.exe[3664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00405286
IAT C:\WINDOWS\System32\svchost.exe[3664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405221
IAT C:\WINDOWS\System32\svchost.exe[3664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 004051EF
IAT C:\WINDOWS\System32\svchost.exe[3664] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 004055FF
IAT C:\WINDOWS\System32\svchost.exe[3664] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\System32\svchost.exe[3664] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\System32\svchost.exe[3664] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 004055FF
IAT C:\WINDOWS\System32\svchost.exe[3664] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 004058A9
IAT C:\WINDOWS\System32\svchost.exe[3664] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0040533A
IAT C:\Program Files\Internet Explorer\iexplore.exe[4068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\Internet Explorer\iexplore.exe[4068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\Internet Explorer\iexplore.exe[4068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\Internet Explorer\iexplore.exe[4068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\Internet Explorer\iexplore.exe[4068] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Internet Explorer\iexplore.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Internet Explorer\iexplore.exe[4068] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Internet Explorer\iexplore.exe[4068] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4068] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\Internet Explorer\iexplore.exe[4068] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\Internet Explorer\iexplore.exe[4068] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\BitComet\BitComet.exe[4648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A
IAT C:\Program Files\BitComet\BitComet.exe[4648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00135286
IAT C:\Program Files\BitComet\BitComet.exe[4648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135221
IAT C:\Program Files\BitComet\BitComet.exe[4648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 001351EF
IAT C:\Program Files\BitComet\BitComet.exe[4648] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\BitComet\BitComet.exe[4648] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\BitComet\BitComet.exe[4648] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\BitComet\BitComet.exe[4648] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 001355FF
IAT C:\Program Files\BitComet\BitComet.exe[4648] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 001358A9
IAT C:\Program Files\BitComet\BitComet.exe[4648] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 0013533A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device B8843D20

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 866D12F6

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\lowsec 0 bytes
File C:\WINDOWS\system32\lowsec\local.ds 91618 bytes
File C:\WINDOWS\system32\lowsec\user.ds 2555281 bytes
File C:\WINDOWS\system32\lowsec\user.ds.lll 168468 bytes
File C:\WINDOWS\system32\sdra64.exe 192512 bytes executable
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----




#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:17 PM

Posted 07 December 2009 - 04:29 PM

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 Blade81


Posted 16 December 2009 - 03:20 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
